When I first started using Linux 15 years ago (Ubuntu), if there was some software you wanted that wasn’t in the distro’s repos you could probably bet that there was a PPA you could add to your system in order to get it.
Seems that nowadays this is basically dead. Some people provide appimage, snap or flatpak but these don’t integrate well into the system at all and don’t integrate with the system updater.
I use Spek for audio analysis and yesterday it told me I didn’t have permission to read a file, in a directory that I owned, that I definitely have permission to read. Took me ages to realise it was because Spek was a snap.
I get that these new package formats provide all the dependencies an app needs, but PPAs felt more centralised and integrated in terms of system updates and the system itself. Have they just fallen out of favour?
Appimages don’t bloat the system, they are actually many times even smaller than native packages thanks to their compression (librewolf being 100 MiB instead of 300 MiB, libreoffice being 300 MiB instead of 600 MiB).
And those are “lazy” appimages made with linuxdeploy, if you do some tricks with static linking you can get their size down way way more. For example one case is qbittorrent, their official appimage is 100 MiB while there is a fork called “qBittorrent Enhanced Edition” and they got the size of the appimage down to 26 MiB.
I also don’t know what you mean by security risks with the libraries, the appimage gets made in CI (usually ubuntu 20.04 or debian stable) and the libraries from those distros get bundled and released, the only way this could be a security risk is if the whole appimage is outdated or debian/ubuntu haven’t caught up on updating their distros.
My big issue with flatpak is that they don’t follow the xdg base dir spec, nor do they add the binaries to PATH (and they said that they will not fix those issues btw), making them only useful for some graphical applications, while pulling several gigabytes of runtimes and dependencies, and the more I’ve been using and understanding appimage the more I think both flatpak and snap should have never existed, as 99% of what they do could have been done with appimage already and just keep a centralized repo of approved appimages for security concerns.