How is it possible, that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak but is it secure?
How is it possible, that Signal still only provides a .deb package and no .rpm, or even better AppImage or Flatpak? There is an unofficial Flatpak but is it secure?
They can’t possibly provide a package for every distro.
Signal’s model, ie keep tight control over development and distribution of the client, and the absence of federation, it well suited for Apple/Google’s stores, but not at all for open-source and Linux’ ecosystem.
You are right. They can’t for every distro.
But fedora/rhel, Ubuntu/debian, and arch-based distros are the most commonly used. So they can provide official packages for those, and/or as the OP said, provide an official flatpak.
And to be fair, it’s a nice-to-have to have a better sense of trust, but given the unofficial ones are open source, it’s quite likely any maliciousness would be rooted out very quickly.
Or, if you are running one of those distros you could just take the .deb and repackage it for whatever distro you’re running. Expecting a project to package for every distro, and then be required to support them for every release is a lot of work. And unfortunately some people have no issues expecting from others, but baulk at the idea of doing it themselves.
AppImages run on nearly every distro. Why arw they not providing that instead of a .deb?
Yes, AppImage can run on more distro.
Still AppImage has disadvantages over DEB: No auto-update, No/less system integration, Bigger install packages.