Snap and modern software (was: Remove /snap directory)

Ralf Mardorf kde.lists at yahoo.com
Thu Dec 15 20:34:02 UTC 2022


On Thu, 2022-12-15 at 15:05 -0500, Jeffrey Walton wrote:
> As far as I know, there's no guarantee
...

...for higher life expectancy if you don't go BASE jumping each day
after smoking crack, than when smoking crack each day before going BASE
jumping. So if your children ask you if it's ok to go BASE jumping on
crack, you can reply that it is absolutely ok.

There are security measures such as using signed checksums or using
read-only containers for an executable. It makes a difference if we
care for security used by the apt package management, by snaps or by
something else.

There's no guarantee, but some security measures are reasonable, while
security through obscurity is snake oil.

On Thu, 2022-12-15 at 01:13 +0100, I wrote:
> 100 binaries can share the same 10 shared libraries or
> 100 binaries can use 100 different versions of each of those 10
> libraries.
> 
> So your claim is that checking the integrity of 100 * 10 = 1000
> libraries is not harder to do than checking the integrity of 1 * 10 =
> 10 libraries?

IOW the package management approach of using shared libraries makes it
more likely that issues are noticed. Heartbleed-like issues are rare, and
for anything else it's more likely that somebody will notice the issue if
the number of shared libraries in use stays reasonable, compared to
countless versions of libraries.


