Thread: snap installing versus sudo apt-get install

  1. #1
    Join Date
    Jan 2018
    Beans
    35

    snap installing versus sudo apt-get install

    Hello folks, I would like to know the security of snap installing something like sudo apt-get vis-à-vis PGP-signed verification.

    I know that, say, sudo apt-get install VLC does verify the package's signature before installation, but what about sudo snap install VLC, in regards to verification?

    Thank you.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: snap installing versus sudo apt-get install

    They both are cryptographically signed and validated.
    However, the deb package from APT would likely have a stronger parentage that is traceable than a snap package version. Anyone can make a snap package and submit to Canonical's snap store.

    Code:
    $ snap search vlc
    Name             Version                 Publisher  Notes  Summary
    vlc              3.0.11                  videolan✓  -      The ultimate media player
    dav1d            0.7.0                   videolan✓  -      AV1 decoder from VideoLAN

    The "videolan" above does imply that the team doing the deb packages and the snap for vlc is the same.

    Code:
    $ snap search videolan
    Name   Version  Publisher  Notes  Summary
    vlc    3.0.11   videolan✓  -      The ultimate media player
    dav1d  0.7.0    videolan✓  -      AV1 decoder from VideoLAN

    seems a handy search as well.

    As for application security post-install, that's a huge question that has been gone over many times in many different places. Snap packages run inside a sandbox/container restricted environment. This causes problems for many users and for less popular integrations to the program.

  3. #3
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    13,596
    Distro
    Ubuntu

    Re: snap installing versus sudo apt-get install

    Afaik snaps use a system called assertions where all packages are signed.
    Interesting read here on the differences between snap and apt:
    https://snapcraft.io/blog/a-technica...snaps-and-debs
    About assertions here:
    https://snapcraft.io/docs/assertions
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
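
An added example, not written by any poster in this thread and not snapd's own code: a sketch of what a snap-revision assertion binds to a package, assuming its `snap-sha3-384` header holds the unpadded base64url SHA3-384 digest of the .snap file and `snap-size` its length in bytes. The snap bytes and the assertion below are constructed, and the signature on the assertion (which snapd verifies) is not checked here.

```python
import base64
import hashlib


def parse_assertions(stream: str) -> list[dict]:
    """Return the headers of each assertion in a .assert stream.

    Simplified parser: blocks are split on blank lines and only blocks that
    begin with a 'type:' header are kept, so signature blocks are skipped.
    """
    assertions = []
    for block in stream.split("\n\n"):
        block = block.strip("\n")
        if not block.startswith("type: "):
            continue
        headers = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith(" "):
                headers[key] = value
        assertions.append(headers)
    return assertions


def snap_digest(data: bytes) -> str:
    """SHA3-384 of the snap file, base64url-encoded without padding (assumed encoding)."""
    raw = hashlib.sha3_384(data).digest()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def check_snap(data: bytes, stream: str) -> tuple[bool, str]:
    """Compare a snap file's size and digest with its snap-revision assertion."""
    revs = [a for a in parse_assertions(stream) if a.get("type") == "snap-revision"]
    if not revs:
        return False, "no snap-revision assertion"
    rev = revs[0]
    if rev.get("snap-size") != str(len(data)):
        return False, "size mismatch"
    if rev.get("snap-sha3-384") != snap_digest(data):
        return False, "digest mismatch"
    return True, f"matches revision {rev.get('snap-revision')} from {rev.get('authority-id')}"


# Constructed sample input: stand-in snap bytes and a matching assertion.
SNAP_BYTES = b"constructed stand-in for a .snap squashfs image"
ASSERT_STREAM = (
    "type: snap-revision\nauthority-id: canonical\n"
    f"snap-sha3-384: {snap_digest(SNAP_BYTES)}\n"
    f"snap-size: {len(SNAP_BYTES)}\nsnap-revision: 1\n"
    "\nCONSTRUCTED-SIGNATURE-PLACEHOLDER\n"
)
```

On a real system, `snap download vlc` saves the .snap file together with a .assert file that could be fed to `check_snap`.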