Page 4 of 9 FirstFirst ... 23456 ... LastLast
Results 31 to 40 of 84

Thread: What's the rationale that Ubuntu now wants to install everything in a snap package?

  1. #31
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,849
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    Your general thrust is correct:

    Even a project that is still going strong has no obligation to keep snaps properly updated. The LibreOffice devs could, for example, decide that snap maintenance is just not worth their while and "abandon" it. This would be a severe case and so high-profile that Canonical would likely do something about it, but a little-known app could very well get orphaned with no one bothering to deal with it.
    To my knowledge, so long as they don't violate any licenses, snaps can be packaged by third-parties, though I cannot attest to this as fact.
    A snap could be offered by one member of a development team who then has a falling out with the other devs, which leads to its abandonment.
    An app doesn't have to actually be orphaned to cause trouble. The devs could mistakenly upload a buggy version or an unstable one. The ability to keep snaps more current cuts both ways. By divorcing snaps from the traditional repository vetting process, the distro maintainers pass on those responsibilities to outside parties. Passing on responsibilities also means passing on control.
    If these statements are indeed true, it seems like the entire concept of snaps is a really really bad idea.

  2. #32
    Join Date
    Mar 2010
    Beans
    7

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    Yeah... this is the kind of stuff that makes me wonder if I should still use this distro. It has been a long journey with it but I am thinking about it more and more.

  3. #33
    Join Date
    Sep 2007
    Beans
    97

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    Quote Originally Posted by kevdog
    If these statements are indeed true, it seems like the entire concept of snaps is a really really bad idea.
    I don’t see how this is unique to snaps though. All of these issues could affect PPAs or .deb or even tarballs. They could even affect the actual repo in a distro as well, in that the repo isn’t updated very often.

    Ultimately you are relying on someone maintaining a release of a software package. If nobody does, or it gets forked because one maintainer only likes flatpak and so apt gets left behind and no longer updated, you are in a similar place. And if you rely on the distro maintainers to provide all of your software, there is no technical reason (other than the inherent limitations of snap packages) that they couldn’t do so via snap versus apt or some other package manager.

    To me the concept of snaps currently seems to be completely fulfilled in that they are (somewhat) portable and more or less distribution agnostic.

    Where they fail is in the overly restrictive sandboxing, and the fact that the snap store is both centralized and yet not curated enough.

    If the store were decentralized, or if it were curated to the point that there was a verification that the person uploading the snap was identifiable as the developer (not limited to original developers, but to ensure at least that I know who uploaded the snap) then it would be much easier to trust them.

    And if the snaps themselves had the ability to either see the entire file system if I so choose, or be more like flatpaks in that I can tell them explicitly which paths they can see, then their utility would match applications installed via tarballs for example.

    But that an application can be abandoned or its distribution method forked does not seem to be a unique problem to snaps, or invalidate the concept behind them.

  4. #34
    Join Date
    Sep 2014
    Location
    United States
    Beans
    286
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    To me the concept of snaps currently seems to be completely fulfilled in that they are (somewhat) portable and more or less distribution agnostic.

    I see that .deb packages seem "distribution specific," but the purpose of a distribution is to deliver software that is compliant with the system, hence ubuntu and debian maintain archives that are documented in a way that represents if the project "maintains" the build or if it provides it as a convenience. How they are portable simply relies on how your system is configured. You could have a Linux computer that processes debian packages, but then it would install software in a particular way meant for debian platforms with all the software it pre-packages. If you've gone through the work of creating a Linux computer, why not just use Debian?

    Then how do snaps work better than packages?

    They simply require less work from the distribution to maintain compliance, as they run on a sub-system in a way.

    However you should expect a cost in performance... and there is a cost in operation security. How do I lock down snaps? Documentation says I can confine them, but if my requirements are to keep certain systems away from developers, there are easy ways to work around modifying snap installs to include apache or ftp when I don't want those services available on systems pushed out to customers who will not know about the security vulnerabilities, etc.

  5. #35
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    Quote Originally Posted by bvz
    I don’t see how this is unique to snaps though… that an application can be abandoned or its distribution method forked does not seem to be a unique problem to snaps, or invalidate the concept behind them.
    I agree with your above analysis, with the exception of one critical omission:

    Currently, apps in the repos are compiled from source. This means that it's the Canonical maintainers who decide which apps become repo packages and they (or anyone for that matter) can parse through the source code at any time. While I'm positive that Canonical doesn't do so—after all, at last count there are 60,000 pkgs in the repos—the sheer fact that source code must be posted serves as a tremendously effective deterrent to malicious apps being foisted upon us.

    But the snap ecosystem is different. It doesn't require source code to be posted. As said, its whole modus operandi is to offload responsibility for maintenance to the developer. So, malicious or questionable apps have a much easier time sneaking into the Snap ecosystem than the repos. It's already happened: https://www.omgubuntu.co.uk/2018/05/ubuntu-snap-malware

    Since then, Canonical has taken great pains to prevent a recurrence, but consider the following scenario:

    Community Carmen produces a good clean weather checking applet that is useful to a subset of Ubuntu users and posts it in the snap store. It even has a source tree so that diligent users can examine it. She maintains it for a year, but then life intervenes, so she has to pass it on. She finds Cursory Cathy, who agrees to take it over. However, Cursory Cathy does not adhere to the same standards. She maintains the applet well enough but can't be bothered with the source tree, so eliminates it. After another year, she too has to pass it on.

    Enter Devious Dan. He represents himself as a good member of the community and, for the first year, maintains the applet with all due care. But the applet now has three years of solid provenance. It has become an accepted part of the ecosystem and people no longer think twice about installing it. Devious Dan decides to add cryptomining to the applet. It still does its purported job as well as it ever did, but it now siphons off a portion of your resources to enrich Devious Dan. Moreover, Devious Dan implements the cryptomining in such a way that the resource hit is never high enough to draw attention to itself and the constant IP traffic is not questioned because it is in the nature of the applet function itself.

    How does one guard against this sort of thing?

    I can't code to save my life, so the existence of source code is of no direct use to me, but I am surrounded by a community of coding gurus like all of you to whom source code is actually decipherable. Your collective expertise is the most priceless of all resources to the greater Linux ecosystem and is what guys like me rely on to keep this ecosystem safe. My biggest concern with snaps is not that apps might get orphaned, but the way it short-circuits this proven safeguard.

    Years ago, I made the jump from the proprietary world to the FOSS world in large part because of these sorts of considerations. That jump was not easy. It involved a lot of short-term pain for the promise of long-term gain. That trade has more than worked out and has returned me benefits in spades, but if the future of Ubuntu is entirely towards snaps, then I too will be forced to consider my options.

    What I'm counting on is that snaps will be treated as a supplemental ecosystem and not a replacement one. If they are meant to be simply a sandboxed version of PPAs, then I can live with that. But if Canonical is ultimately migrating everything to snaps, then that's a deal-breaker. So far, I don't have enough info to tell either way, so I'm keeping my eyes open and my ears to the ground.
    Last edited by DuckHook; May 13th, 2020 at 11:13 PM.

  6. #36
    Join Date
    Feb 2009
    Location
    Wasilla, Alaska
    Beans
    463
    Distro
    Kubuntu

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    It's an ideal, isn't it? All of your apps run in their own little sandboxed container?
    Holy Cripes on Toast!
    Attention is the currency of internet forums. - ticopelp

  7. #37
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    Quote Originally Posted by Shibblet
    It's an ideal, isn't it? All of your apps run in their own little sandboxed container?
    Although the provisional answer is "Yes", the details make all the difference in the world.

    • If the contained app is opaque and no longer follows FOSS principles, then the advantage from it being technically contained is outweighed by the disadvantage of it now being suspect (my above posted example).
    • I want to be able to fine tune those container parameters; not have those parameters be forced on me from on high.
    • I want the option to not contain an app should I so choose. Example: in Focal, Chromium is only available as a Snap. This is the FOSS version of the most popular browser in the world, yet it is now missing from the repos.
    • Many apps and applets make no sense being confined. LUKS doesn't belong in a sandbox. Neither does the file manager, nor the system editor. Hundreds more come to mind. Yet there is a tendency to snap them just… because. Beware the hammer syndrome: when one has a shiny new hammer, every app looks like a nail.
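    The "fine tune those container parameters" point above is something a user can already act on per snap by reviewing which interfaces are connected. The script below is an added example written for this thread; it is not code from snapd or from any poster. It parses the tabular output of the real command `snap connections <snap>` and reports connected plugs that reach outside the snap's own data, printing the matching `snap disconnect <snap>:<plug>` commands for review. The sample output and the `weather-applet` snap name are constructed so the script runs offline; the set of interfaces treated as broad is this example's own assumption.

```python
"""Audit a snap's connected interfaces and suggest least-privilege tightening.

Added example for the forum discussion; not snapd's code. On a live Ubuntu
system the input would be:
    subprocess.run(["snap", "connections", name],
                   capture_output=True, text=True).stdout
Here a constructed sample is embedded so the script runs offline.
"""
from typing import NamedTuple

# Interfaces that grant access beyond the snap's private data. This list is
# an assumption for the example; tune it to your own risk appetite.
BROAD_INTERFACES = {
    "home": "read/write access to the user's home directory",
    "removable-media": "access to mounted USB and external drives",
    "system-files": "access to arbitrary system paths named by the snap",
    "personal-files": "access to arbitrary paths under $HOME named by the snap",
    "network": "outbound network access",
    "network-bind": "ability to listen on network ports",
}

# Constructed sample of `snap connections weather-applet` output.
# A "-" in the Slot column means the plug exists but is not connected.
SAMPLE_OUTPUT = """\
Interface        Plug                             Slot              Notes
desktop          weather-applet:desktop           :desktop          -
home             weather-applet:home              :home             -
network          weather-applet:network           :network          -
network-bind     weather-applet:network-bind      :network-bind     manual
removable-media  weather-applet:removable-media   -                 -
x11              weather-applet:x11               :x11              -
"""


class Connection(NamedTuple):
    interface: str
    plug: str
    slot: str
    notes: str

    @property
    def connected(self) -> bool:
        return self.slot != "-"


def parse_connections(text: str) -> list:
    """Parse the four-column table printed by `snap connections`."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the header
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"unexpected row: {line!r}")
        rows.append(Connection(*fields))
    return rows


def audit(connections, expected=frozenset()):
    """Return (interface, reason) for each connected broad interface that the
    user has not explicitly listed as expected for this snap's job."""
    return [
        (c.interface, BROAD_INTERFACES[c.interface])
        for c in connections
        if c.connected and c.interface in BROAD_INTERFACES
        and c.interface not in expected
    ]


def disconnect_commands(snap: str, findings) -> list:
    """Commands a user could run to drop each flagged connection."""
    return [f"snap disconnect {snap}:{iface}" for iface, _ in findings]


if __name__ == "__main__":
    conns = parse_connections(SAMPLE_OUTPUT)
    # A weather applet legitimately needs the network; nothing else broad.
    found = audit(conns, expected={"network"})
    for iface, reason in found:
        print(f"{iface:16} connected: {reason}")
    for cmd in disconnect_commands("weather-applet", found):
        print("  ", cmd)
```

Passing the interfaces the snap genuinely needs as `expected` keeps the report focused on the surprising ones; here the applet's network access is accepted, while its connected `home` and `network-bind` plugs are flagged, and the unconnected `removable-media` plug is correctly ignored.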

  8. #38
    Join Date
    Sep 2014
    Location
    United States
    Beans
    286
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    So I was sitting with some folks, and we were talking about deploying Nextcloud. And I mentioned you could "deploy Nextcloud in a snap." At this moment, we all realized the true reason why Canonical is going with snaps in 20.04 LTS. Fun way to describe a technical procedure.

  9. #39
    Join Date
    Feb 2010
    Location
    South of the Maple Trees
    Beans
    Hidden!
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    I see lots of great points brought up here. The waste of storage space is a big issue for me. Most of my SSDs are smaller than 100 GB. My primary machine only has ~60GB. If there was a way to move the snap folder to one of the HDDs, then I'd like it more. Installing applications on secondary drives is very easy in Windows. Maybe this is possible, as I haven't looked into it.

  10. #40
    Join Date
    Apr 2007
    Location
    On your plate
    Beans
    99
    Distro
    Xubuntu

    Re: What's the rationale that Ubuntu now wants to install everything in a snap packag

    Quote Originally Posted by DuckHook
    ...Moreover, Devious Dan implements the cryptomining in such a way that the resource hit is never high enough to draw attention to itself and the constant IP traffic is not questioned because it is in the nature of the applet function itself.

    How does one guard against this sort of thing?
    I wonder if the sandbox could also include CPU & network limits and/or monitoring to flag questionable app behavior. For example, a snap package's configuration would need to post the expected limits of CPU and network traffic. If the snap's developer posted unreasonable expectations, people would see it. If they don't post it, then attempting to exceed it would be caught by the sandbox.
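    The idea above, a snap declaring its expected CPU and network budget and a monitor comparing sampled usage against it, can be sketched as a small checker. The code below is an added example for this thread, not snapd's code or any poster's. The budget, the one-minute samples and the `weather-applet` snap are constructed; on a real system the per-minute numbers would come from the snap's cgroup accounting, which this example does not read. Besides the raw totals it also checks the shape of the usage, since the cryptomining case described earlier in the thread is designed to stay under an obvious spike threshold.

```python
"""Compare a snap's sampled resource use against a declared budget.

Added example for the forum discussion; not snapd's code. All numbers are
constructed. A real monitor would fill `Sample` from the snap's cgroup
(cpu.stat) and per-process network counters once a minute.
"""
from dataclasses import dataclass

# An honest background applet is mostly idle; a sample at or below this
# many CPU seconds per minute counts as idle. Assumed threshold.
IDLE_CPU_SECONDS = 0.05


@dataclass(frozen=True)
class Budget:
    """What the snap's publisher declares as normal use over one hour."""
    cpu_seconds_per_hour: float
    net_bytes_per_hour: int
    idle_fraction: float  # share of one-minute samples expected to be idle


@dataclass(frozen=True)
class Sample:
    minute: int
    cpu_seconds: float  # CPU time consumed during this one-minute window
    net_bytes: int      # bytes sent plus received during the window


def evaluate(budget: Budget, samples) -> list:
    """Return (kind, message) findings; an empty list means within budget."""
    findings = []
    total_cpu = sum(s.cpu_seconds for s in samples)
    total_net = sum(s.net_bytes for s in samples)
    idle = sum(1 for s in samples if s.cpu_seconds <= IDLE_CPU_SECONDS) / len(samples)

    if total_cpu > budget.cpu_seconds_per_hour:
        findings.append(("cpu_budget",
                         f"{total_cpu:.1f}s CPU used, {budget.cpu_seconds_per_hour}s declared"))
    if total_net > budget.net_bytes_per_hour:
        findings.append(("net_budget",
                         f"{total_net} bytes moved, {budget.net_bytes_per_hour} declared"))
    # Shape check: a constant low load never trips a spike alarm, but it does
    # remove the idle periods an honest poll-and-sleep applet must have.
    if idle < budget.idle_fraction:
        findings.append(("idle_shape",
                         f"idle in {idle:.0%} of samples, {budget.idle_fraction:.0%} declared"))
    return findings


# Constructed declaration for the weather applet: six polls an hour.
WEATHER_BUDGET = Budget(cpu_seconds_per_hour=10.0,
                        net_bytes_per_hour=500_000,
                        idle_fraction=0.8)


def honest_hour() -> list:
    """Constructed hour: a 0.5s/20KB poll every 10 minutes, idle otherwise."""
    return [Sample(m, 0.5 if m % 10 == 0 else 0.01,
                   20_000 if m % 10 == 0 else 0) for m in range(60)]


def disguised_miner_hour() -> list:
    """Same polls plus a constant 3s of CPU per minute (5% of one core) and
    2KB/min of extra traffic: too small to look like a spike."""
    return [Sample(s.minute, s.cpu_seconds + 3.0, s.net_bytes + 2_000)
            for s in honest_hour()]


if __name__ == "__main__":
    for label, hour in (("honest", honest_hour()),
                        ("disguised miner", disguised_miner_hour())):
        print(label, evaluate(WEATHER_BUDGET, hour) or "within declared budget")
```

The network total of the miner case stays under the declared budget, which matches the observation in the quoted post that the extra traffic hides inside the applet's normal chatter; it is the CPU budget and the loss of idle periods that expose it. The weakness of the scheme is also visible: the declared numbers are only useful if the store or the user sanity-checks them, which is what the post's "people would see it" relies on.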
