On 16/06/2016 21:11, Andrew Savchenko wrote:
On Thu, 16 Jun 2016 15:27:29 +0000 (UTC) James wrote:
José Maldonado <josemald89 <at> gmail.com> writes:


In the last days, ArsTechnica published this news:


http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/

"Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
Canonical's announcement says. "They are currently being validated on
CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
easy to enable on other Linux distributions." (Ubuntu will continue to
support deb packages, but developers can choose to package applications
as snaps instead of or in addition to debs.)"

Is Gentoo officially supporting Snap packages? Why not Flatpak?

Thank you very much for your responses! Bye! :)


One word: SECURITY?  Trust but verify does come to mind.

+1
It looks like C:/Program Files/ for Linux to me.

It is a complete bundle with all dependency libs, thus
vulnerabilities can't be fixed by a regular emerge and users will
need to update _each_ snap separately. If updates will be
available, but likely they will not be, at least not in time.

So it's like macs then?


I'm not talking about tremendous RAM waste (due to shared objects
duplication) and disk space waste as well. Both of them can be
mitigated by deduplication of RAM and disk pages, but this will eat
lots of CPU and users should be quite advanced to do that.

Containers are not exactly the most secure apparatus, imho.
"Clair is an open source project for the static analysis of vulnerabilities
in appc and docker containers." [1]. So, I want to hear about the robustness
of the security on these 'self contained' packages.

There is a security audit of the snap already available:
http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html

It is quite lengthy, but worth reading.
Tl;dr: if you care about security of your box, stay away from this
stuff.

I don't see the part where all these latest fancy container thingymagicies are not really just "embed everything in everything".

We've known for years the dangers of embedding stuff in packages (it hardly ever gets updated properly).

