This is what got me thinking: what are the biggest problems with Linux updates right now? I’m not going to focus on formats or with Ubuntu in particular, because this problem transcends different formats and distributions. All of this is a call for better tooling and programs to make the process of updating easier for everyone, not just those unfamiliar with Linux.
The GUI Lies…
Let me tell you the tale of updating Ubuntu. Ubuntu has a few methods out of the box of updating their distribution. The first and most common one is Ubuntu’s Update Manager, which is capable of updating your Ubuntu packages and between different versions of Ubuntu.
The big benefit of Ubuntu’s Update Manager is it provides a GUI way to manage Ubuntu’s auto-updating and provides a very visible notification prompting users to update.
The problem here isn’t so much what Update Manager does, but rather what it doesn’t do. Inside Linux, there are multiple package formats, so for our purposes, we’ll briefly touch on distribution packages and universal packages like snaps and Flatpaks.
- Distribution packages are the traditional Linux packages and are typically updated on a package manager exclusive to a distribution. Common examples include Ubuntu’s apt, but also Fedora’s DNF, openSUSE’s zypper, and Arch Linux’s pacman.
- Universal packages are distribution agnostic (most of the time). These are snaps, Flatpaks, and AppImages; each of them are different universal package formats that work largely the same across multiple distributions.
There is a major difference with universal packages on Ubuntu and it’s universal packages like Flatpaks are not treated the same as snap packages. If you update through Ubuntu through the Update Manager, your apt and snap packages will be updated, but your Flatpaks won’t.
Ubuntu could easily integrate this, but they haven’t. If you want to update through the GUI, you’d have to use Discover or GNOME Software from the apt repos (not to be confused with the Snap Store) and make sure they have the appropriate packages to update your snaps and Flatpaks.
The “““Intended””” Way
This brings up matter that disappoints most Linux users is the way you’ve been installing your packages is probably wrong. Have you been using the streaming software OBS from your distribution’s repository? You’re doing it wrong because the OBS developers only test it in 2 ways on Linux. Have you tried using KeePassXC on Debian or Ubuntu? You’re doing it wrong because the maintainer went rogue and ignores the project’s wishes.
That might come off as very harsh, but most developers have uber-specific ways of using these applications. It’s really important that we use programs only through official channels because that’s what is tested and that’s the way we will have the least problems.
Returning to OBS, OBS has 2 official methods to install it, anybody know what they are? The answer is Flatpak and the Ubuntu PPA (not the one in the Ubuntu repos, a popular misconception).
- Nobara packages their own OBS, which caused this exchange on the OBS GitHub.
- Someone had problem with the snap of OBS and was turned away because it’s an unofficial package.
This is just scratching the surface; there are programs that provide lots of avenues to install their software. Firefox offers every method underneath the sun to use it: .deb, tar.gz, Flatpak, snap, they do everything. Other projects might not be so lucky because of limited resources. The email provider Tuta only provides an AppImage for example.
What makes this worse is this isn’t even the other programs that you use on your computer that aren’t snaps or Flatpaks. If your application doesn’t have a built in way to update and you aren’t using a snap or Flatpak, you’re out of luck and have to resort to visit the website and download an update manually.
One example is the Linux application firewall Open Snitch. Open Snitch is not available is any repository; instead, you must manually download the Debian or Red Hat package from their GitHub. What’s worse, the application has no mechanism to check for updates. Ironic for a network firewall that’s designed to protect you.
On a completely unrelated note, the creator of Open Snitch evilsocket, wrote about a security vulnerability in the Apple/Linux print server cups recently.
If you need something from another programming package manager, like Python’s pipx, npm, or Rust’s cargo, they all have their own independent repositories, with their own ways to update, and they aren’t tied to most GUI package managers.
Peeling Back the Layer
That’s why over the last couple years, I’ve become super jaded about where I get my packages. After becoming more conscientious of where I download my packages from and the chaos of all of these different package types, what can we do about it? The only thing that we can do is “favor” packages from their official sources first and foremost, especially if that package is a universal format like Flatpaks or snaps.
All you need to do is follow this procedure:
- Visit the website of the program you want to install. Navigate to the “download” page, just like you would for Windows or Mac, but for Linux.
- If there is a Flatpak or snap available, prioritize these packages above the others. The main reason is they are sandboxed and get first class updates.
- If there is no Flatpak or snap available, turn to one of the other methods like the Debian and Red Hat packages. Other times might be when packages try to talk you out of it, like the Brave Browser. This can also include distribution-specific repositories too, so pay close attention.
- Tarballs and source compilation are a last resort, often because they need to updated manually.
But what if you aren’t running the required distribution as one of the official packages? I use the Signal desktop app and Signal only has one way to use their application–their apt repo. As a Fedora user, I can’t install apt packages… or can I?
This is where Distrobox comes in. Distrobox allows you to install applications independent from the Linux distribution you use, simultaneously integrating it more than a program in a virtual machine. If you need to install a package in another distribution because it’s an official method or it’s better maintained, you can use a container instead.
In the case of Signal, I created an Ubuntu distrobox container and installed Signal inside. This way, I can have a minimal Ubuntu installation that has Signal and I can use Signal the way Signal’s developers intended!
Not Everyone Is a Admin

Except not really if you on KDE anyway. This did open up a can of worms because Docker and podman aren’t able to fully bridge specific actions. When I originally set up Signal, you get asked to verify your account with a captcha. Unfortunately, because Signal is trapped in a container, it can’t see Firefox on a KDE Plasma host system, so I had to develop a workaround.
- In a Chromium-based browser, navigate to the webpage of Signal’s
captcha delivery. If
you need to use Firefox, you need enable the custom signalcaptcha
URI scheme in the about:config.
user_pref("network.protocol-handler.external.signalcaptcha". true); - Complete said captcha.
- You will get a popup prompting you to open in Signal, close it, and
copy the link from the button instead. It’s really long and starts
with
signalcaptcha://signal-hcaptcha.... - In the container, run signal-desktop followed by the command. In
this case,
signalis the name of my Distrobox container.distrobox enter signal -- signal-desktop signalcaptcha://signal-hcaptcha....
If you are interested in how browser URI schemes, Mozilla has a quick reference page about this.
The solution isn’t perfect right now for some edge cases, including DaVinci Resolve identifying laptop GPUs or UTF-8 crashes with newsboat. If you need to download something for your development in a container, a container will receive its updates independently. If you are a Distrobox user or use BoxBuddy because you prefer a GUI, you need update containers in addition to your host system.
While Linux may seem daunting in this way, this issue is no different from Windows and Mac where there isn’t way to manage updating programs you have installed, especially since updates aren’t applied evenly either or even through Winget on Windows. It’s some extra steps, but Linux at least provide a way to make managing this possible, where it isn’t as accessible on proprietary operating systems.
The bottom line: your computer, no matter what operating system you use treats you like a developer or sysadmin. Updating software on computers is a massive pain, but until a better solution is posed, we need to evaluate packages based on how the developers want us to. One of the biggest problems of open source software is fragmentation, but a large part of this fragmentation is people making unnecessary versions of programs bearing the same name and deviating from a developer’s wishes in some way.