I recently moved my work machine from Windows to Linux and chose Debian Trixie + KDE Plasma for the stability. The advice is that if stability is your priority, you should try to avoid breaking Debian. I understand that adding third-party sources can cause dependencies conflicts, and must be avoided at all costs. I also understand that Flatpaks, AppImages, Snaps, and Docker/Podman images are safe because they don’t interfere with the system dependencies. So far, so good. What I don’t understand is what happens with other ways of installing software (eg .deb, tarballs).
I know it’s a contentious subject but if stability is the priority, how would you rank different methods? I may be wrong but my take is:
Debian repository > Flatpak > Appimage > Docker/Podman > Snap > tarball
To be avoided: .deb for Debian > .deb for Ubuntu > PPAs
Eg Viber is available as an official AppImage (with certain bugs), unofficial flatpak (with other bugs), and an official .deb for Ubuntu (which is probably a bad idea for Debian anyway). Viber support told me they don’t support my OS.
Debian is known to be stable as in “staying the same”, you won’t get any big version updates on the programs in the debian repository, just backported security updates. That ensures that you don’t end up with dependency mismatches where different programs want the same library but different versioning.
It also means that as Trixie ages the version you get from the repo will be further and further behind as you will still be running 2025 versions with backported security updates until you upgrade to Debian 14.By installing random .tarballs and .debs outside the default repository the main advantage of Debian Stable is nulled.
I would actually recommend going all in on flatpaks, appimages and dockers if your goal is to keep the main system stable and lean. You might also wanna look at distrobox for running programs that aren’t officially available for your distro.
Another thing too look at is atomic distros, such as Fedora Kinoite https://fedoraproject.org/atomic-desktops/kinoite/Yeah, I only use Debian to host Docker images. My main desktop is Pop OS, but I’ve been pondering switching to Fedora or something similar.
Fedora KDE is my main workstation distro and it’s been treating me fine.
I chose between that and opensuse Tumbleweed and ended up trying Fedora for the simple reason of having a larger user base than opensuse.
I’m still curious to try out opensuse tumbleweed but fedora has just kept going and I’ve felt no need to fix or switch.
I agree with the popular view that Debian Stable + KDE Plasma + Flatpaks (or Appimage, Docker) strikes a balance between system reliability and freshness in selected applications when that counts. I may be missing updates for KDE Plasma but v6 is quite mature so I don’t mind. I know storage is cheap but I am instinctively uneasy with containerisation as it’s done by Flatpaks etc because of the duplication you get with all-in. But if that’s the price of reliability, so be it. It’s just that sometimes there is only a PPA or a .deb, which is why I asked.
EDIT: I just tried distrobox for the first time. It is amazing how efficient it is. I ran Firefox on Arch and I couldn’t tell the difference in resources. Amazing really.
If the goal is stability, I would have likely started with an immutable OS. This creates certain assurances for the base OS to be in a known good state.
With that base, I’d tend towards:
Flatpak > Container > AppImageMy reasoning for this being:
- Installing software should not effect the base OS (nor can it with an immutable OS). Changes to the base OS and system libraries are a major source of instability and dependency hell. So, everything should be self contained.
- Installing one software package should not effect another software package. This is basically pushing software towards being immutable as well. The install of Software Package 1, should have no way to bork Software Package 2. Hence the need for isolating those packages as flatpaks, AppImages or containers.
- Software should be updated (even on Linux, install your fucking updates). This is why I have Flatpak at the top of the list, it has a built in mechanism for updating. Container images can be made to update reasonably automatically, but have risks. By using something like docker-compose and having services tied to the “:latest” tag, images would auto-update. However, its possible to have stacks where a breaking change is made in one service before another service is able to deal with it. So, I tend to tag things to specific versions and update those manually. Finally, while I really like AppImages, updating them is 100% manual.
This leaves the question of apt packages or doing installs via make. And the answer is: don’t do that. If there is not a flatpak, appimage, or pre-made container, make your own container. Docker files are really simple. Sure, they can get super complex and do some amazing stuff. You don’t need that for a single software package. Make simple, reasonable choices and keep all the craziness of that software package walled off from everything else.
Im pretty appimage is stable to use on your system. It contains all of the dependencies inside of it. Just one file for all of its needs. Only issue that ive had is that you need to manually update them (ie download the newest version).
flatpak > distrobox > nix > appimage > brew > .deb
I never installed any gui via podman. Not sure when it applies
If an app has bugs via flatpak, then don’t use the flatpak. Maybe it’ll be resolved in a year and then switch.
Edit: removed snap from list
Other repos and debs are fine, just don’t go overboard and add dozens of them. It’s actually a better idea than some other methods, because of the ease of uninstallation if there’s a problem.
Not really answering your question, but what you describe is exactly why I switched to arch and have been rocking the same install for over a decade.
It’s uNsTaBLe - I keep getting updates and things keep changing and rarely something needs my intervention to keep working. But it keeps working. And I can install viber from AUR without thinking.
Before that I was on Debian and then Ubuntu and then Kubuntu - and dist-upgrades were a much worse, weekend-destroying, rage-inducing pain than doing light weekly maintaining of my arch install.
How were dist upgrades going bad?
I don’t have a good memory, because it was about 15-10 years ago.
I remember one time where the dist upgrade finished, but after a reboot most apps would crash with core dumps and I wasn’t able to use apt for anything.
One time I did the dist upgrade too late and the repos were gone. It would have probably worked by manually pointing at the archive, but I was a newbie back then.
One time I had some ppa for work, that blocked the upgrade and I would have to completely remove it, but there was no version for the new release yet, even though I needed (also for work) a feature from some tool that was updated in the new release. So I was stuck between having one or the other but not both.
But like I said, it’s all cloudy.
Oh, yeah, I remember that time. Upgrading between major versions isn’t perfect, but it has improved dramatically since about 2017 on both Ubuntu and Debian.
Debian has also just implemented apt v3, which adds many basic http/s quality-of-life improvements to package downloading and installing (like multithread, better config definitions, easier key mgmt, etc)
I don’t know about Ubuntu because I moved from Ubuntu to debian 4 years ago for other reasons, but I’m sure they have aptv3 as well.