flathub-infra / linux-store-frontend

A web application to browse and install applications present in Flatpak repositories. Powers https://www.flathub.org
Apache License 2.0
187 stars 50 forks

stale beta apps in flathub-beta #305

Open fedelibre opened 2 years ago

fedelibre commented 2 years ago

As reported here, if you list the apps in flathub-beta remote you'll find some apps which probably used to have a beta branch but then removed it. As a result, the flatpak images are still there and out-of-date.

Are you aware of it? Should these be removed? Do you know how to easily find out all the apps without a beta branch?

As an example, let's take im.riot.Riot:

$ flatpak remote-ls flathub-beta | grep Riot
Riot    im.riot.Riot    1.5.4   beta

$ flatpak remote-ls flathub | grep Riot
Element im.riot.Riot    1.8.5   stable
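
One way to answer the question in the post above, as an added example that is not part of the original thread or the Flathub tooling: join the two remote listings on application ID and report apps whose flathub-beta version sorts older than the stable one. It assumes tab-separated `application`, `version`, `branch` columns and GNU `sort -V`; the function names and the `org.example.*` rows are constructed.

```shell
#!/bin/sh
# Added example: flag apps whose flathub-beta ref is older than the stable one.
# Real input would come from (tab-separated when piped, assumed):
#   flatpak remote-ls --app --columns=application,version,branch flathub-beta
#   flatpak remote-ls --app --columns=application,version,branch flathub

TAB=$(printf '\t')

# stale_beta BETA_LIST STABLE_LIST -> "app<TAB>beta_version<TAB>stable_version"
stale_beta() {
    awk -F '\t' '
        FILENAME == ARGV[1] { stable[$1] = $2; next }   # first file: stable
        ($1 in stable) && $2 != "" && stable[$1] != "" && $2 != stable[$1] {
            print $1 "\t" $2 "\t" stable[$1]
        }
    ' "$2" "$1" |
    while IFS="$TAB" read -r app beta stable; do
        # sort -V (GNU coreutils) orders version strings; the first is older.
        oldest=$(printf '%s\n%s\n' "$beta" "$stable" | sort -V | head -n 1)
        if [ "$oldest" = "$beta" ]; then
            printf '%s\t%s\t%s\n' "$app" "$beta" "$stable"
        fi
    done
}

# Constructed sample listings; the im.riot.Riot versions are the ones quoted
# in the post, the org.example.* rows are made up for the demo.
demo() {
    dir=$(mktemp -d)
    printf 'im.riot.Riot\t1.5.4\tbeta\norg.example.Ahead\t2.1.0\tbeta\norg.example.BetaOnly\t0.9\tbeta\n' > "$dir/beta.tsv"
    printf 'im.riot.Riot\t1.8.5\tstable\norg.example.Ahead\t2.0.3\tstable\norg.example.StableOnly\t1.0\tstable\n' > "$dir/stable.tsv"
    stale_beta "$dir/beta.tsv" "$dir/stable.tsv"
    rm -rf "$dir"
}

demo
```

Apps that exist only in one remote, or that publish no version string, are skipped, so the result is a list of candidates to review rather than a verdict.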

RokeJulianLockhart commented 2 years ago

This lack of oversight is causing great insecurity, so this problem should be remediated quickly.

vchernin commented 2 years ago

This issue probably fits best at flathub/flathub, but never mind.

What could work around this problem is to recreate the beta branch in im.riot.Riot, and then set that branch to EOL. See https://github.com/flathub/im.riot.Riot/issues/218

Erick555 commented 2 years ago

The beta branch is often used for testing something. Users shouldn't expect it will be continuously updated. Whether the beta branch is deleted or not doesn't matter here. I think this is misunderstanding the purpose of beta in flathub. AFAIK the flathub policy is to not remove existing refs for transparency unless they're badly broken.

RokeJulianLockhart commented 2 years ago

http://github.com/flathub/linux-store-frontend/issues/305#issuecomment-926985010

Thus, its purpose should be very clearly and obviously communicated to its users, because that is not how any other beta "channels" or repository that I have ever known of has functioned. http://github.com/snapcore/snapcraft has stable, beta, candidate, and edge "channels" (repositories) that are used as flathub's stable and "beta" repositories are, whereas their "branches" are used how http://github.com/flathub/linux-store-frontend/issues/305#issuecomment-926985010 has described the purpose of "flathub-beta" as.

I have described one potential method of remediation at http://discourse.flathub.org/t/1711.

I am using Fedora Silverblue, which is demonstrative that I am not biased positively for Snap.

Erick555 commented 2 years ago

Every app may use beta with a different purpose (if it uses it at all). For example, Firefox indeed puts beta releases there, but usually there is some random stuff. Note that branches with a different name than beta or master aren't published to the remote. Snap uses it differently, but flatpak isn't snap.

RokeJulianLockhart commented 2 years ago

http://github.com/flathub/linux-store-frontend/issues/305#issuecomment-927108365

Obviously Snap and Flatpak are different, regardless of their almost-identical reason for existence. If they were identical, I would not have used Snap for comparison of the attributes of Flatpak. You have also ignored that no other distributor of software has used the terminology ("beta" and "stable") that is used for the repositories of Flathub as Flathub has for its repositories that are referred to as "stable" and "beta".

Also, this problem is affecting many people, and thus is detrimental to their opinions of flatpak.

Erick555 commented 2 years ago

My take is it's not a security problem for flathub if it doesn't provide as many branches as snap does or uses different terminology. It's a feature request. The fact that beta branches are stale for some apps isn't an oversight in most cases, thus a quick remediation is very unlikely.

Users losing track of what they installed and why isn't a flathub-specific phenomenon. The same thing happens with PPA, AUR, perhaps COPR too, and so on. It's not even a Linux-specific issue, as on Windows the situation is arguably worse.

Honestly, there are much worse problems than this, e.g. if an app stops supporting a specific architecture, then users of this arch will be stuck with the last uploaded version forever without realizing it.

RokeJulianLockhart commented 2 years ago

http://github.com/flathub/linux-store-frontend/issues/305#issuecomment-928043214

Thus, this situation must be somewhat automated (although moderated), not least because, as is demonstrated at http://github.com/flathub/im.riot.Riot/issues/218, these problems are not remediated quickly, if ever. Most distributions of GNU-based operating systems have perfected this process quite well. Is anybody that has participated in this issue able to gain the opinion of someone whose experience is relevant to this topic? Because the amount of software that Flathub is hosting is increasing quickly, this problem should be remediated quickly.

RokeJulianLockhart commented 2 years ago

http://github.com/flathub/linux-store-frontend/issues/305#issuecomment-926946046

If this should be at http://github.com/flathub/flathub, please transfer it to there if that is possible, because this may gain more attention if it is where it should be.

I am also somewhat perfectionist, so it shall be less mentally burdensome...