José Maldonado <josemald89 <at> gmail.com> writes:

> In the last few days, Ars Technica published this news item:
>
> http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
>
> "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
> Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
> Canonical's announcement says. "They are currently being validated on
> CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
> easy to enable on other Linux distributions." (Ubuntu will continue to
> support deb packages, but developers can choose to package applications
> as snaps instead of or in addition to debs.)
> 
> Is Gentoo officially supporting Snap packages? Why not Flatpak?
> 
> Thank you very much for your responses! Bye! :)
> 


One word: SECURITY. Trust but verify does come to mind.

Containers are not exactly the most secure apparatus, imho.
"Clair is an open source project for the static analysis of vulnerabilities
in appc and docker containers." [1]. So, I want to hear about the robustness
of the security on these 'self-contained' packages.
What exactly creates the code necessary for the container?

Is there a version that works on gentoo-hardened?

Suggestions for firewalling off a system for routine, deep examination
and profiling of port activities would be most welcome. Prima facie,
I just have no trust in wonderful ideas from the *buntu crowd, ymmv.

Also, it's a really good idea; now maybe *DALE* can get his security
VM in a snap (snapple? snapit? snapper?) that is gentoo-hardened
blessed? Maybe the snhap designation for secured (hardened) snaps?
Maybe if it's a hardened entertainment (video) snap we call them schnapps?

I've been bantering about for a couple of years now about how clusters (hpc and
containers) are going to change everything. Security is the main obstacle
now. You know, I'm ready to sip this Kool-Aid and ponder the possibilities....

Where are all the security gurus at on snaps? Do snaps require systemd
or are they PID-1 agnostic?
James
[1] https://github.com/coreos/clair