We’re excited to see that Red Hat has decided to offer flatpak runtimes for RHEL with a ten year security fix plan.
An in-depth explanation of flatpak and runtimes is beyond the scope of this article (and anyway, Owen’s post does a better job than I could) but in basic terms, a runtime allows us to bundle up a set of software dependencies into one file, which can then be easily and safely deployed without affecting/compromising host systems. It allows us to minimise the effects of “dependency hell”.
Red Hat’s approach will clearly help to reduce the long-term maintenance burden for RHEL users who are unable or unwilling to upgrade their applications. It’s a serious commitment, since the cost of ensuring backwards compatibility can rise significantly as the years roll by.
The approach taken on the community-supported runtime freedesktop-sdk focuses on binary compatibility and frequent updates using CICD. Each release is supported for two years, with a strong emphasis on keeping up-to-date with upstream and helping the upstream developers to address incompatibilities as easily as possible.
Codethink’s experience on upgrading vs super-long-term backporting is that it’s normally much cheaper and easier to keep doing the maintenance/updates on a regular basis, rather than sticking with old versions as upstream moves further and further ahead. Red Hat’s team is extremely experienced and clearly capable of making this model work, but we’ve seen many situations where a platform provider has failed to consider the long-term implications of sticking with a specific software release.
From our point of view it’s a bit like maintaining a house, or a car… if you do the servicing regularly you’re much less likely to suffer an unpleasant surprise later.
In one classic example, we worked with a client struggling keeping their production systems live with an out-of-date kernel maintained by a full time team of thirty people. Just by upgrading and moving to a regular update model we were able to save more than 90% of their ongoing costs. Get in touch if you’d like us to help you save money too! :-)
Other Content
- Linux vs. QNX in Safety-Critical Systems: A Pragmatic View
- Is Rust ready for safety related applications?
- The open projects rethinking safety culture
- RISC-V Summit Europe 2025: What to Expect from Codethink
- Cyber Resilience Act (CRA): What You Need to Know
- Podcast: Embedded Insiders with John Ellis
- To boldly big-endian where no one has big-endianded before
- How Continuous Testing Helps OEMs Navigate UNECE R155/156
- Codethink’s Insights and Highlights from FOSDEM 2025
- CES 2025 Roundup: Codethink's Highlights from Las Vegas
- FOSDEM 2025: What to Expect from Codethink
- Codethink Joins Eclipse Foundation/Eclipse SDV Working Group
- Codethink/Arm White Paper: Arm STLs at Runtime on Linux
- Speed Up Embedded Software Testing with QEMU
- Open Source Summit Europe (OSSEU) 2024
- Watch: Real-time Scheduling Fault Simulation
- Improving systemd’s integration testing infrastructure (part 2)
- Meet the Team: Laurence Urhegyi
- A new way to develop on Linux - Part II
- Shaping the future of GNOME: GUADEC 2024
- Developing a cryptographically secure bootloader for RISC-V in Rust
- Meet the Team: Philip Martin
- Improving systemd’s integration testing infrastructure (part 1)
- A new way to develop on Linux
- RISC-V Summit Europe 2024
- Safety Frontier: A Retrospective on ELISA
- Codethink sponsors Outreachy
- The Linux kernel is a CNA - so what?
- GNOME OS + systemd-sysupdate
- Codethink has achieved ISO 9001:2015 accreditation
- Outreachy internship: Improving end-to-end testing for GNOME
- Lessons learnt from building a distributed system in Rust
- FOSDEM 2024
- QAnvas and QAD: Streamlining UI Testing for Embedded Systems
- Outreachy: Supporting the open source community through mentorship programmes
- Using Git LFS and fast-import together
- Testing in a Box: Streamlining Embedded Systems Testing
- SDV Europe: What Codethink has planned
- How do Hardware Security Modules impact the automotive sector? The final blog in a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part two of a three part discussion
- How do Hardware Security Modules impact the automotive sector? Part one of a three part discussion
- Automated Kernel Testing on RISC-V Hardware
- Automated end-to-end testing for Android Automotive on Hardware
- GUADEC 2023
- Embedded Open Source Summit 2023
- RISC-V: Exploring a Bug in Stack Unwinding
- Adding RISC-V Vector Cryptography Extension support to QEMU
- Introducing Our New Open-Source Tool: Quality Assurance Daemon
- Achieving Long-Term Maintainability with Open Source
- FOSDEM 2023
- PyPI Security: How to Safely Install Python Packages
- BuildStream 2.0 is here, just in time for the holidays!
- A Valuable & Comprehensive Firmware Code Review by Codethink
- GNOME OS & Atomic Upgrades on the PinePhone
- Flathub-Codethink Collaboration
- Codethink proudly sponsors GUADEC 2022
- Full archive
