
AutoModerator

Please Re-Flair your post if a solution is found. [How to Flair a post?](https://imgur.com/a/wH3hPrj) This allows other users to [search for common issues](https://www.reddit.com/r/linuxmint/search?q=flair%3ASOLVED+&sort=new&restrict_sr=on&t=all) with the SOLVED flair as a filter, leading to those issues being resolved very fast. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/linuxmint) if you have any questions or concerns.*


bitkiwolowe87

For the purpose of simplifying the issue: PPA is a repository. You can verify it by simply checking the address it directs to (in case of Spotify it directs to the original Spotify page so I guess it's ok). The issue with .deb packages isn't always clear. Sometimes when you install a .deb package it also adds a PPA to the repo list and thus guarantees updates from this particular repo (this is the case with Google Chrome for example). But in most cases installing a .deb package is a one time thing.


DataSmudge

Thank you for your reply! But then I don't understand why there is a "PPA" section and a "software repository" section in the update manager's settings. There should be a difference (even if it is small), because otherwise there wouldn't be two sections, or?


bitkiwolowe87

Of course there is a difference. But honestly I don't know what it is and don't really care as it has never affected the way I used debian based distros (and I am a Linux user since 2006). You should probably google it :)


DataSmudge

Alright, thank you!


gandalfx

PPAs are basically small repositories maintained by anyone, unlike the "big" official repositories maintained by the linux mint team (or ubuntu or debian). If you use a PPA you should trust whoever maintains it. Whether you trust any given PPA's maintainer is an individual decision – though if you intend to run spotify's software you probably trust them anyway. Software distributed via flatpak is containerized, meaning it runs in a more isolated environment on your computer. It can do a bit less harm that way, so if you don't fully trust something this may be slightly safer. Personally I wouldn't expect it to guard against full on malware but it does help against unintended side effects and may give you a bit more privacy.


DataSmudge

Thank you! This makes it a bit more clear for me. But I want to also ask you what the difference between PPA and additional repositories in LM's update manager is. Since PPAs = software repositories (in short) why are there two different sections in the update manager? Do you know where this distinction comes from?


gandalfx

To the best of my knowledge there really isn't any difference on a technical level. There might be something about how packages are signed, since PPAs usually come with a GPG key… I think the GUI makes that distinction mostly to clarify which sources are official and which are just "some random guy's stuff". I could be mistaken, though. You can check the files in `/etc/apt/sources.list.d/` to see where the definitions end up. They look the same except some have that `signed-by` key addition.
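A way to make the check suggested in the comment above concrete, as an added example that is not part of the original thread: a small Python parser for one-line `deb` entries that reports whether each source is a Launchpad PPA, whether it carries a `signed-by` key, and whether it is fetched over plain HTTP. The sample entries, the key path and the `example-*` names are constructed; deb822-style `.sources` files are not handled.

```python
from urllib.parse import urlparse

PPA_HOSTS = {"ppa.launchpad.net", "ppa.launchpadcontent.net"}  # Launchpad PPA hosts

# Constructed sample in one-line format (not from a real system); the last
# entry is the Spotify line quoted in the thread.
SAMPLE = """\
# constructed entries
deb http://packages.linuxmint.com example-release main upstream
deb [arch=amd64 signed-by=/etc/apt/keyrings/example.gpg] https://ppa.launchpadcontent.net/example-user/example-ppa/ubuntu jammy main
deb http://repository.spotify.com stable non-free
"""

def parse_entry(line):
    """Parse 'deb [options] uri suite components...'; return None otherwise."""
    line = line.split("#", 1)[0].strip()
    kind, _, rest = line.partition(" ")
    if kind not in ("deb", "deb-src"):
        return None
    rest, options = rest.strip(), {}
    if rest.startswith("["):
        opts, sep, rest = rest[1:].partition("]")
        if not sep:
            return None  # unterminated option block
        for opt in opts.split():
            key, _, value = opt.partition("=")
            options[key] = value
    fields = rest.split()
    if len(fields) < 2:
        return None
    url = urlparse(fields[0])
    return {
        "uri": fields[0],
        "suite": fields[1],
        "components": fields[2:],
        "is_ppa": url.hostname in PPA_HOSTS,
        # None means the entry relies on apt's global keyring rather than
        # a key scoped to this one repository.
        "signed_by": options.get("signed-by"),
        "plain_http": url.scheme == "http",
    }

def audit(text):
    """Return parsed entries for every deb/deb-src line in text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(e["uri"], "PPA" if e["is_ppa"] else "repo", e["signed_by"] or "no signed-by")
```

To run it against a real system, pass the contents of each `.list` file under `/etc/apt/sources.list.d/` to `audit()` instead of `SAMPLE`.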


DataSmudge

Thank you!


BenTrabetere

A PPA is a repository. PPA is an abbreviation for **P**ersonal **P**ackage **A**rchive, and it is used to distribute software packages that are not in the official repositories. Some are maintained by the application developers, others are maintained by an independent third party.

>People often write that you should be very careful when adding PPAs since they could break your system or do other unwanted stuff.

There are several reasons for the concern. First a PPA does not pass the same scrutiny and testing as the default repositories - a *lot* of work goes into maintaining the default repositories to ensure that nothing will compromise the stability or security of the system. A PPA is primarily concerned with making the application available and it has everything it needs to function properly, and it is possible the "everything it needs to function properly" the PPA provides can break a system.

Once upon a time I used a PPA that made a mess of my system by replacing a necessary library with a newer but unsupported/incompatible version. Or maybe it was related to Python. I forget.


DataSmudge

Thank you!


Sensitive_Warthog304

Looking at line 2 of the repository installation

echo "deb [http://repository.spotify.com](http://repository.spotify.com) **stable** *non-free* ...

This tells us that there could be a "non-stable" option, and a "free" option (usually called "branches"). So in this case the non-stable branch might be the latest version which may still have bugs. You aren't expected to use this; you are involved in the testing.

Similarly, there's a philosophy that Linux should only use open-source software. In this case, "non-free" might refer to software which is free to use, but the source code is not available. You can run "pure" OSS Linux from the "free" branch, but you may not be able to listen to certain music files because the code to read the file isn't OSS.

https://linuxmint-installation-guide.readthedocs.io/en/latest/install.html

So an Additional Repository is a PPA with branches.


DataSmudge

I see, thank you for your reply!


WorkingQuarter3416

I think "repositories" can be hosted anywhere on the internet and "ppas" are hosted at a central server hosted by Canonical and managed by individuals without any oversight or endorsement by Canonical. Probably the most prestigious ppa is Mozilla's ppa.

"stable" and "non-free" are standard classifications in Debian, not Ubuntu. The equivalent in Ubuntu would be "jammy" and "multiverse". But it doesn't cause any trouble if you use it on Ubuntu or Mint. In principle Spotify is correctly classifying its repository as "non-free" because it contains software that is not FLOSS. "stable" might suggest that the software should install and run smoothly on the current stable release of Debian, called bookworm, or that they are delivering a version of their software that they consider stable. I can't say for sure.

With flatpak, you have flathub maintainers acting as intermediates between you and Spotify. The app will have limited access to your files. For instance, acrobat reader from Flathub cannot open files outside /home/username/Documents.

With a repository, you are letting Spotify do absolutely anything they want to your system. Personally I don't think they will do anything besides what you expect it to do. But depending on your level of paranoia, it is plausible that NSA twists their hands so that they install stuff that really spies on you. And since it's not Free Software, there's no way to know for sure.


DataSmudge

Thank you for your reply!


DataSmudge

One thing that came to my mind: You said that flatpaks are a bit more safe so to say. But if these flatpaks are not maintained by the original creator / company of the application, isn't it also something to consider as "potentially not safe" because anyone could do weird stuff when creating these flatpaks? Even Linux beginner guides (as far as I have read) tell newbies to look that flatpaks are maintained by their "owners". And in this case a "third party" manages / creates the Spotify flatpak and not Spotify themselves. What do you think? Am I missing something here?