The line between a rolling release distro and a stable Distro with just the necessary updates is blurry.
For some applications like Browser, Mailclient and Office Suite it is useful to have exceptions.
Some of these exceptions can be handled with a PPA.
Which of these do you use and why? Maybe we can find a way to shrink the number that is needed.
I will start with mine:
Wine, for games it is absolutely crucial to not lag a year or more behind on the compatibility layer.
Otherwise people report bugs that are already fixed in the bi-weekly upstream releases.
Gamers like RGB and we don’t have these packaged in a recent version
Mangohud, Performance overlay. Also not packaged in a recent version.
-Oibaf , updates to the graphics stack are critical for gamers. Like Wine it reduces unneccessary bug reports
Wireshark , the packaged version in Ubuntu is quite old and nightlies are tempting due to more features
Mozilla , the snap package is awfully slow and a .deb package feels more snappy and faster.
that you are effectively giving a foreigner 100% root access to your system (dpkg runs all maintainer scripts as root and unlike the confined snaps that are not able to access anything on the host by default, it has full access to your system to i.e. install a key logger, steal your passwords or bank data) … so you better know if that PPA owner is trustworthy or not.
that any PPA can actually replace any system libraries with newer versions, introducing unexpected bugs and get you into dependency hell on upgrades …
Both Snap and Flatpak are sensible solutions to the problem of allowing applications to be updated independently of the host OS and both introduce a level of sandboxing for security.
Both have issues with specific applications because application developers are often not experienced with packaging in general and with Snap or Flatpak packaging in particular. That inexperience leads to some sub-optimal choices (as has been widely discussed with, for example, the Firefox snap you allude to).
The “better solution” you seek comes from a gradual improvement of the packager’s understanding of these issues. Here’s a case in point where Snaps from Jetbrains recently got a massive speedup (40s => 10s startup) after the developers were made aware of a better option.
I don’t think we should use snaps and appimages and flatpaks for everything just because we lack things as a normal .deb package.
These packages imho should be reserved for applications we can’t get packaged normally, like paid apps or things where no maintainer wants to do it as deb.
Graphics Drivers and compatibility layers or a browser are not really suitable for this package format as there is no need to sandbox them.
A browser brings its own sandbox and as we have seen with flatpaks on the Steam Deck, the user experience without flatseal will suffer by default as people can’t access their files.
My intent here is not to prevent any non-deb packages at all, but figure out where the default packages are incomplete to get it fixed.
We have two topics to get some of that fixeed and i think the problem with the default offering of packages it bigger than just:
(and the nice thing about snaps is that you can have multiple versions of the same snap installed in parallel from different channels … i.e. nightly, esr and the standard stable one with just three simple commands)
Here are my PPAs/3rd party repos on my Kubuntu gaming desktop (Ryzen 9 5900X, RX 6900XT, 64GB RAM):
newer kernel, Lutris (newer than what’s in Ubuntu’s repo), and probably more that aren’t on Ubuntu’s repo when I was running on Impish. I also added apt preferences to stop Pop!_OS from taking over (i.e. GNOME Shell, Pop! Shell, GDM).
I’m careful with what PPAs I add, and stay as close to official as possible, and go for what I know to be “official”, such as Kubuntu backports and Pop!_OS.
As to why not just run Pop!_OS, I’m not a fan of GNOME, and only want certain things from that repo. And I remember when I was noob with apt preferences, and was tweaking my Neon with Pop!_OS repo (for newer kernel) with my previous gaming desktop, and it was a total disaster (at the time) because Pop! wanted to take over my system really badly, and was scared to upgrade.
being or being not impervious to exploits is quite different to “let me give this person full root access to all my (banking) data and passwords” though …
a PPA from a well known and trusted maintainer is surely not a lot of a risk (beyond accidentally getting the occasional bug you don’t get with the distro packages), but there are surely enough others.
there are no checks on launchpad if you or your software are trustworthy (unlike snaps where every single upload runs through plenty of checks (and goes into manual review when failing) and where runtime app access is controlled by you through the interface connections you allow) …