Question about Snaps

Oliver Grawert ogra at ubuntu.com
Sun Oct 9 12:40:32 UTC 2016


hi,
On Sun, 2016-10-09 at 05:43 +0200, Ralf Mardorf wrote:
> 
> > except that the handful of the bigger desktop apps on linux do exactly
> > this today already, firefox, thunderbird, chrome/chromium, skype, steam
> > all build, link and ship their complete set of depending libs today
> > inside their deb, libreoffice does this partially ...
> 
> And especially those apps are very often listed as being vulnerable.

and so you prefer to run them with full access to your system, all your
data and files, instead of having a restricted snap where only you as
the user can control which data they access on your system through the
interfaces you allow ?

i actually expect that in future ubuntu releases (latest by the next
LTS) these (and most other GUI related) apps will be shipped as snaps
by default on the install media, so that only your system stays deb
based and everyone can benefit from the added security without even
having to think about PPAs.

> 
> > 
> > what i find interesting is that you seem to not consider the ubuntu
> > security team to be experts (despite using (and obviously trusting)
> > their distro and even quoting one of their pages above), note that over
> > the last two years quite a big part of their work time went into the
> > security design of snaps (and into solutions to issues like the one you
> > describe above).
> > 
> > > 
> > > For a desktop computer there seems to be no advantage when using
> > > snaps.  
> > 
> > well, see above ...
> > 
> > and beyond this, actual desktop users don't care what gets installed
> > when they pick an app in the software center for installation ...
> 
> A lot of Linux users care much about this,

does anyone you know from the mac or windows world care actually ? 
do they ever open a terminal ? do you think these people care when they
switch to a linux based desktop ? 

do you think that more than 5% of android users actually know what's
underneath the UI ?

yes, arch users might care but we were talking about "desktop users",
people that specifically have a PC to do something with it and that
expect the OS to go out of their way, they want the machine to be a
tool, like most car owners don't (want to) know how to maintain their
engine, they just want to get from A to B and pay a mechanic for the
rest.

> 
> > 
> > ask a mac user what the package format of the apps is that he has
> > installed ...
> > 
> > the same mac user will tell you that he *does* care to have this year's
> > photoshop edition though, even if his MacOS install is from two years
> > ago.
> 
> A Mac user isn't a Linux user. We should expect another level of
> self-responsibility from Linux users, even from those using Ubuntu, let
> alone the users of more expert orientated distros.

huh ? why would you expect anything more from a linux *desktop* user
than from any other OS user... 

had google had that attitude linux would not be the most used thing in
the mobile world today. it is great that you and I can use our wrenches
to tune or modify the engine but you won't sell your car (or attract
more users (and through that some developers in the end) of any form)
if you run with such an attitude. linux is not just for elitists, it is
for everyone, this is the core meaning of "Linux for Human Beings".

> 
> > 
> > LTS releases have exactly one single purpose, enterprise/company
> > usage ...

> Then using a rolling release is the way to go.

which is exactly what snappy is, it just leaves you the freedom to pick
if you want everything rolling using a snappy based OS install or if
you only want your apps rolling, by picking any distro out there with
any package system you like as the base distro underneath ;)

> 
> > 
> > > 
> > > Communication among different apps is an issue, if each app runs inside
> > > its own sandbox/container alike thingy, let alone that until now
> > > permissions to use hardware could be tricky, too.
> > 
> > you might want to read up about snappy's interfaces system, it solves
> > such issues in a very elegant and secure way ;)
> 
> So there are no issues anymore with e.g. jackd?

there have been a lot of new interfaces within the last months.
what is the bug number of the bug you filed about it so that the
security and snappy core teams know about it ?
i'm happy to point them there so they can comment if the existing
interfaces can do this today and if not, that they can add an interface
that suits you ... 

just complaining in an off-topic thread on an unrelated mailing list and
then calling snaps "bad" because nobody magically implemented a feature
you want (without knowing you need it) won't really help.

snaps are the future in the ubuntu ecosystem (and most likely also in
many others, when looking at the consortium of different distros and
projects that decide on their direction now in the technical oversight
board [1]), it doesn't matter if you or me like them if upstreams simply
adopt them as their delivery mechanism for their apps. 

they won't go away and it would help being constructive to improve them
instead of just badmouthing them after not even taking an in-depth look
at them.

ciao
	oli


[1] appstream, Arch, debian, elementary, KDE, Ubuntu, VLC, Fedora