Snap and modern software (was: Remove /snap directory)
Keith
keith at caramail.com
Wed Dec 14 20:04:54 UTC 2022
On 12/14/22 11:43 AM, rikona wrote:
> On Tue, 13 Dec 2022 23:56:32 -0600
> Keith <keith at caramail.com> wrote:
>
> <BIG snip>
>> And of course snaps also allows you to run closed source, proprietary
>> software which cannot be included in Ubuntu distributions.
>
> Perhaps also malware, tracking stuff, etc. Perhaps also easier to make
> it harder to find such stuff in the package?
>
> How do you protect yourself from bad snaps?
>

I think there's some level of review, but I don't know how extensive it
is. Right now you can use the command-line snap tool to see if a snap is
verified to some degree. Green checks by the publisher name confirm
they have been verified by Canonical. From my observation, a green check
usually means the publisher is also the developer of the software
program, or a contributor to the project. Yellow/black star badges by a
publisher's name, I believe, indicate the publisher is a verified snap
packager.

But really your concern is equally applicable to any source of software
distribution. How do you protect yourself from bad packages hosted in an
anonymous PPA? How do you protect yourself from bad Android apps that
are in Google's PlayStore? For that matter, how do you protect yourself
from any bad packages in the Ubuntu archives? There are literally
thousands of packages in the combined repos. Can you ever be sure that a
few of those don't contain malware/spyware or just badly written
pre/post install scripts that can trash your system because they're
executed with root privileges? Do you vet every package that you install
on your system to make sure it's not doing anything weird? Do you trust
your kernel?
--
Keith
More information about the ubuntu-users mailing list
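The publisher badge check described in the message above, as an added example that is not part of the original e-mail: a script that reads `snap list` output and reports every installed snap whose publisher carries no verified tick. It assumes the publisher is the fifth column and that the tick and star are printed as `✓` and `✪` (or `**` and `*` on non-Unicode terminals); the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag installed snaps whose publisher is not marked verified.
# Assumption: `snap list` prints Name Version Rev Tracking Publisher Notes,
# with "✓" (or "**") after a verified publisher and "✪" (or "*") after a
# starred one.

# Constructed sample of `snap list` output (names and revisions are made up).
SAMPLE_SNAP_LIST='Name        Version   Rev  Tracking       Publisher      Notes
core22      20221212  449  latest/stable  canonical✓     base
asciitool   2.1       88   latest/stable  examplecorp**  -
examplepkg  1.2       17   latest/stable  somepublisher  -
startool    3.0       5    latest/stable  packager✪      -
localtest   0.1       x1   -              -              devmode'

# Map one publisher field to: verified | starred | unproven | none
classify_publisher() {
    case "$1" in
        *"✓" | *"**") echo verified ;;   # tick must be tested before the star
        *"✪" | *"*")  echo starred ;;
        "-" | "")     echo none ;;       # sideloaded snaps have no publisher
        *)            echo unproven ;;
    esac
}

# Read `snap list` output on stdin; print name, publisher and status for
# every snap that is not published by a verified account.
audit_snaps() {
    awk 'NR > 1 { print $1, $5 }' | while read -r name publisher; do
        status=$(classify_publisher "$publisher")
        [ "$status" = verified ] || printf '%s\t%s\t%s\n' "$name" "$publisher" "$status"
    done
}

# Demonstration on the constructed sample; on a real system use:
#   snap list | audit_snaps
printf '%s\n' "$SAMPLE_SNAP_LIST" | audit_snaps
```

A snap reported as `none` was installed from a local file rather than the store, so there is no publisher account behind it at all.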