Snaps -- argh. Love them or hate them.
I'm aware Ubuntu's been trending toward installing everything in the form of snap packages.
What's behind this philosophy?
Makes life easier for distribution maintainers. Anything inside a snap is someone else's problem.
This is not a criticism. I fully understand they need to put the responsibility for maintaining application packages back on the developers.
Last edited by rbmorse; April 29th, 2020 at 07:15 PM.
regards
I'm not sure I'm educated enough to answer this question. But from my perspective I'd guess they want more software available. Universal packaging does just that. Since the dependencies are self-contained it also reduces the work of distro maintainers as people can package their own snaps. The downside though is that these self-contained dependencies could very easily be very out of date, and have holes in them. I'm not sure if there is a way to check that type of thing.
I prefer normal repositories and the current method of having everything relying on a single library. Find a problem, update the library, problem solved for every app that relies on that library. You lose that with snaps. Regrettably I have to use them to keep the newest version of LXD. I've debated going back to Debian, maybe CentOS and using a straight LXC simply so I can avoid snaps, but I'm fairly lazy. One of these days I'll probably attack it. For now I don't care too much. I think ultimately though that universal packages are the future either way. You see people asking for "big name" software on Linux regularly. That is the only way it will happen. With so many different distros and ways of doing things, no one can possibly package for every single variation.
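Added example, not part of the thread or of any poster's code: one way to check the bundled-dependency concern raised in the post above. It assumes the snap carries a `snap/manifest.yaml` with a `primed-stage-packages` list (recorded by snapcraft when build-info recording is enabled); the manifest text and the `FIXED_IN` table are constructed sample data, and the function names are illustrative.

```python
import re

# Constructed sample of the primed-stage-packages list from snap/manifest.yaml.
SAMPLE_MANIFEST = """\
name: example-snap
primed-stage-packages:
- libssl1.1=1.1.1-1ubuntu2.1~18.04.5
- zlib1g=1:1.2.11.dfsg-0ubuntu2
- libpng16-16=1.6.34-1ubuntu0.18.04.2
parts: {}
"""
# Constructed "first fixed version" table; real data would come from a distro
# security tracker, which this example does not fetch (assumption).
FIXED_IN = {"libssl1.1": "1.1.1-1ubuntu2.1~18.04.6",
            "libpng16-16": "1.6.34-1ubuntu0.18.04.2"}

def staged_packages(manifest_text):
    """Return {name: version} parsed from the primed-stage-packages list."""
    pkgs, in_list = {}, False
    for line in manifest_text.splitlines():
        if line.startswith("primed-stage-packages:"):
            in_list = True
        elif in_list and line.lstrip().startswith("- "):
            name, _, version = line.lstrip()[2:].strip().partition("=")
            pkgs[name] = version
        elif in_list:
            break  # the next top-level key ends the list
    return pkgs

def _order(c):
    # dpkg ordering: '~' sorts before end-of-run (0), letters before the rest
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _part_key(part):
    # Alternate non-digit and digit runs; the final empty match is a terminator
    return [(tuple(_order(c) for c in text) + (0,), int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def version_key(version):
    """Sort key implementing Debian version ordering (epoch:upstream-revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # a missing revision equals "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def outdated(manifest_text, fixed_in):
    """Return (name, bundled, fixed) for packages older than the fixed version."""
    return sorted((n, v, fixed_in[n])
                  for n, v in staged_packages(manifest_text).items()
                  if n in fixed_in and version_key(v) < version_key(fixed_in[n]))
```

On an installed system the manifest text would be read from the snap's mounted directory; packages missing from the fixed-version table are simply not reported, so an empty result is not proof that a snap is current.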
Makes life easier for distribution maintainers. Anything inside a snap is someone else's problem.
Absolutely this.
This makes trusting the supply chain less obvious however.
Snaps though seem to run slower than their non-snap counterparts.
Idk -- maybe it's just me, but one of the things I like about Linux was I kind of "knew" what was running on my system. I find this with Arch Linux particularly, where I had the choice of what base packages I wanted to add to make the Arch ISO. With snaps -- it is kind of a black box. I'm not sure it's comparable, but I run a lot of Docker images which use Ubuntu as a base. In many cases when I exec into the container, I see that although the base is running Ubuntu 18.04, the system-level packages haven't been updated in over 6 months -- sometimes longer. I'm hypothesizing here, but that doesn't seem to me very good security practice. I wonder if snaps are very much the same in this regard.
This is one of the reasons. But also:
Pros:
- The ability to run current apps instead of stuff that may be so old as to be nearly obsolete. Example: in Xenial, LibreOffice was so broken as to be almost unusable. It wouldn't save files over NFS shares without a config hack. The old workaround was adding PPAs, likely the single worst Ubuntu security hole I can think of.
- Allow the running of older apps that may break on current system libraries. Example: in Trusty, GNUcash couldn't open files created in Precise.
- Limited sandboxing of apps for higher security.
Cons:
- Way more bloat and cruft.
- Succumbing to ridiculous feature creep. As I discovered recently, prior to Focal, something as simple as the calculator was hived off to a snap.
- Invites shirking of responsibility. In Focal, LibreOffice help is borked, whereas the snap version works. The devs have known about this for months, but still no fix in sight.
- Loss of control. The snap version of LXD is harder to configure than the repo version. It sometimes involves arcane measures to work around its snap confinement whereas the repo version just works.
A system upgrade is a heart, lung and brain transplant. !!BACKUP FIRST!!
Linux is Not Windows | A Great CLI Guide | Resources for Newcomers
The Best 'buntu Flavour | Remapping Keys | Sandboxing Apps with LXD
Sandboxing of applications. That is the benefit to the user. See a comparison between AppImage, Flatpak & Snap.
https://www.ostechnix.com/linux-pack...ap-vs-flatpak/
Now investigate why there is a need for the X-Server to be replaced. Notice the potential for security vulnerabilities. Then do the same for Redhat's RPM package format and Debian's deb package format.
Motivation, as I see it, is an application that can be installed and run on any Linux distribution and on any version of that distribution; the developer can update the application and get the update out to the user without the delay caused by a distribution's developer team having to audit the source code before allowing it into the distribution's repositories; applications can be sandboxed to severely limit access to the system.
Regards
It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
Ubuntu user #33,200. Linux user #530,530
The developer can update the application and get the update out to the user without the delay caused by a distribution's developer team having to audit the source code before allowing it into the distribution's repositories.
Ideally, this is great, but my experience with some snaps reveals that this doesn't happen. Like many projects people move on and don't follow through and maintain them.
"Our intention creates our reality. "
Ubuntu Documentation Search: Popular Pages
Ubuntu: Security Basics
Ubuntu: Flavors
But this just trades one vulnerability for another: the idea behind the repos was that stuff there had been vetted and therefore earned a higher level of trust. Yes, this meant that they couldn't be brand-spanking-new, but the principle was that trading older apps for security and stability was a worthwhile tradeoff. Mainlining apps straight into the bloodstream from each developer is what has caused so much security trouble in the proprietary sphere.
Don't get me wrong: I'm not naysaying Snaps. There's clearly a place for many apps to be packaged as snaps. After all, I'm the guy who usually goes on ad nauseam about sandboxing. But there's also a point at which it turns into silliness. Is Ubuntu heading towards a future where everything except the kernel is a Snap?
Thanks for the link BTW. Very interesting article.
IIRC Canonical maintains a lion's share of Debian packages. Migrating these over to snaps helps reduce the weirdness you get when testing with different system configurations, update stages, etc. So it drives down QA costs.
It's a respectable decision, despite some of the issues with snaps. Realistically snap performance is varied in my experience. I recall having issues with one particular snap package, but the unofficial discord snap ran like a dream.