I enjoy y’all acting like this couldn’t happen with flatpak or AppImages
Those are just app distribution formats. Since there’s just 1 snap store which can deliver snaps, they’re not comparable.
What Flatpak stores are there in widespread use other than flathub? (Additional servers that depend on the runtimes flathub distributes don’t count.)
Oh, it totally could.
I don’t actually see anyone in here making such an argument.
How is this notable or interesting then? I thought we were all just accepting that malicious software is an inherent part of all open platforms.
Open platforms often have individuals running/hosting their own repositories, which means the risk is distributed.
This means that the individual repository can be attacked without affecting the whole network. The risk is still there, but they would have to simultaneously attack all repositories at once and succeed with all of them.
In a corporate-hosted platform like Snaps, you have one centralized location that can be abused and that can affect all repositories in the system.
If someone hacks Canonical, they can make the whole Snap Store an attack vector without nearly as much effort.
If someone hacks Canonical, they can make the whole Snap Store an attack vector without nearly as much effort.
So basically the same as if someone hacked flathub? Or if someone hacked Canonical/Debian/Red Hat/whoever and gained access to their package signing key?
I don’t understand why people are so hell bent on hating Snaps. The architecture is literally better than Flatpak – and I’m quite sure it’s possible to run one’s own Snap host. Some people say they’re bloated and slow, well not anymore than Flatpak (actually less) and people love that?
The architecture is literally better than Flatpak
Why?
I don’t understand why people are so hell bent on hating Snaps.
Every single time I tried snaps in the last years I had a bad time. Either they were slow to start, refused to work (Docker snap) or made my machine boot significantly slower. Granted, I haven’t bothered in a year or so.
At this point they just released unfinished software that was not ready for production, forced it onto people and are surprised when everybody remembers snap as being partially closed source, slow and unreliable. Even if it’s not now, that’s how the first impression was and it’s going to stick forever.
Refer to an earlier post on the downsides of flatpak, Snap basically doesn’t have a lot of those issues other than the fundamental ones regarding a canonical far package
You may have used Snaps when they used XZ compression. XZ is a stellar compressor, but for static data. It compresses better at the cost of being slower, nowadays Snaps use fast algorithms tuned for faster decompression, so it starts a lot faster.
Even if it’s not now, that’s how the first impression was and it’s going to stick forever.
I agree with them on this.
Snaps were a mistake.
There, I said it.
Snaps wasn’t and isn’t needed from day 1
they are needed, linux need universals package manager, building for every single distro is a waste of time
Linux needed a universal package manager and it got three. Snap is not needed.
A bit of history. The first universal packaging format was snap by Canonical and used to be called Click apps and it was made for the Ubuntu mobile OS and later to the Ubuntu desktop. Red Hat in response to that created the FlatPak format. The AppImages are community effort.
deleted by creator
sudo snap remove * && sudo apt purge -y snapd && sudo apt install -y gnome-software-plug-flatpak
until you feel like hopping
sudo curl -o/dev/block/259:0 https://geo.mirror.pkgbuild.com/iso/latest/archlinux-x86_64.iso && reboot
after you feel like hopping
i’m between debian & fedora, what do you like about arch?
IMO there’s nothing about Arch, or any other distro, that makes it worth using, beyond whatever goals you have. If Arch helps you accomplish that goals, great. If not, pick a different distro that does.
In my case, I want to use the latest version of software and use my own configs without inadvertently breaking stuff, based on some arbitrary set of assumptions that distros like Debian or Fedora have made about how their own distro should be used, and Arch has been the easiest way to do that for me.
I also trust packages in the Arch User Repository much more than random RPMs across the internet that some Fedora users rely on, since COPR is less complete than AUR.