Snaps & Ubuntu Core Desktop Talked Up At FOSDEM 2024

  • Snaps & Ubuntu Core Desktop Talked Up At FOSDEM 2024

    Phoronix: Snaps & Ubuntu Core Desktop Talked Up At FOSDEM 2024

    Canonical engineer Till Kamppeter was at FOSDEM 2024 last weekend in Belgium to talk up the Snap packaging format spearheaded for Ubuntu Linux as well as their ongoing work around Ubuntu Core Desktop for providing an all-Snap based operating system...


  • #2
    I love how Canonical just has to double down on a double down on a double down. Years of wild ideas, and still the fundamental issues of snap aren't addressed at all, at best worked around with changes on the app.



    • #3
      ● Packaging moves from distros to upstream

      ○ 10+ distros, each packaging XXX, inventing the wheel 10+ times
      ○ So let upstream, XXX.org, snap it, distros take the Snap
      ○ Distro version released, app updates continue from upstream
      During the last 1.5 years or so, I've heard such propaganda a lot from advocates of both Snaps and Flatpaks. You know, about all the benefits of getting the software directly from the developer and that repackaging it for different distros is a waste of time.

      Recently, I've scrutinised the distro packaging process (previously I didn't know at all about how packages are made) and it made me appreciate traditional packages like never before. Particularly, I like the fact that packaging provides an additional wall of security which you don't have if you get the software directly from the developer. What if the developer makes his software do something malicious and no one catches it before it gets to the user?
      I also like the fact that at least some distros like Debian work closely with upstream. For example, Debian packagers may find bugs and report them to upstream. One thing I dislike about open source software in general is the over-reliance on users for reporting bugs. At least with distros like Debian, the packagers essentially also participate in bug reporting, not just the users. Again, something that's impossible if you get the software directly from the developer.



      • #4
        For fucks sake Canonical, just drop it!
        How long are you still willing to try to force push this crap, while people are resisting?



        • #5
          Originally posted by user1
          What if the developer makes his software do something malicious and no one catches it before it gets to the user?
          I hate to spoil it for you, but the package maintainer can do the same. The package goes through a proper review only once, then you can make changes and don't have to ask.
          I maintain applications both on Flathub and in a distro repository and I have to say that Flathub has been much more pushy about doing things right. They for example forced me to remove a permission that became unnecessary when the app had already been on Flathub for 3 years. My packages in distro repos have never received so much scrutiny after they got in.



          • #6
            Originally posted by user1
            I like the fact that packaging provides an additional wall of security which you don't have if you get the software directly from the developer. What if the developer makes his software do something malicious and no one catches it before it gets to the user?
            I also like the fact that at least some distros like Debian work closely with upstream. For example, Debian packagers may find bugs and report them to upstream. One thing I dislike about open source software in general is the over-reliance on users for reporting bugs. At least with distros like Debian, the packagers essentially also participate in bug reporting, not just the users. Again, something that's impossible if you get the software directly from the developer.
            Nah, I don't think distro packagers catch more bugs than other people. Problem in compiling process? Sure, but how the software is actually used, everyone has the same chance to encounter a bug.

            And about downstream patches, there's a reason why a patch doesn't get merged. If you want to include those patches in your distro. Fine, you do you... Not really. There's just so many bug reports in upstream caused by downstream patches. Did I say so many? I mean fuckton of them, thousands of hours of developers' time wasted just to find out that that bug a user reports, doesn't even exist in their software.

            Remember, a packager will never be smarter than the developer. (No offense packagers out there thanks for keeping open source alive 🥰🥰). Devs just have more thingz to consider, more responsibility to users than packagers



            • #7
              Originally posted by Sesivany
              I hate to spoil it for you, but the package maintainer can do the same. The package goes through a proper review only once, then you can make changes and don't have to ask.
              Which distro are you talking about? Cause I'm sure not all distros have the absolute same level of scrutiny.

              Originally posted by Sesivany
              I maintain applications both on Flathub and in a distro repository and I have to say that Flathub has been much more pushy about doing things right. They for example forced me to remove permission that became unnecessary when the app had already been on Flathub for 3 years. My packages in distro repos have never received so much scrutiny after they got in.
              I've looked at the sandbox permissions of a lot of Flathub apps and I have to say many of them are too lax. Like why in the world do LibreOffice and image viewers have full filesystem read/write access when it should at the very least be limited just to your home directory? Maybe the fact that your app has been 3 years on Flathub is most likely the reason why at some point someone scrutinised your app and asked you to remove unnecessary permissions.
              There are now over 2400 apps on Flathub, which is a lot, so I think there's no way someone constantly sits and manually checks if every single app has proper permissions.

              On another note, I do agree that Flathub really tries to do things right. That's unlike the SNAP Store, which clearly prioritises quantity over quality, the speed of publishing the app and the overreliance on automatic reviews, which afair is the reason it was hit by malware twice now.



              • #8
                Well... Can't wait to try it out!



                • #9
                  Originally posted by user1
                  I've looked at the sandbox permissions of a lot of Flathub apps and I have to say many of them are too lax. Like why in the world does LibreOffice and image viewers have full filesystem read/write access when it should at the very least be limited just to your home directory?
                  Probably because of a forest of little things like "If you plug a USB stick in, it mounts under /media, not /home", combined with how you need --filesystem=host to get /usr/share/doc available at /var/run/host/usr/share/doc so LibreOffice can be used as a reader for RTF- or ODT-format documentation (they're rare but do exist) before they get around to supporting the file chooser portal.

                  If not for that last one, I could definitely see a case being made for specifically enumerating the places to grant but, with it, it's very tricky to have a setup that Just Works™ reliably for users... and prioritizing "Just Works™" over "best sandboxing" is the name of the game for a lot of these Flatpak maintainers because they don't want people trying the Flatpak option, seeing something broken, and writing off Flatpak entirely as "it sucks".
                  Last edited by ssokolow; 07 February 2024, 09:28 AM.
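
The filesystem-permission question raised in posts #7 and #9 can be checked mechanically. The following is an added example, not code from any poster or from the Flatpak project: it parses the keyfile text that `flatpak info --show-metadata <app-id>` prints and flags broad `filesystems=` grants. The app IDs, the sample metadata and the severity labels are constructed assumptions.

```python
import configparser

# Grants that expose whole trees rather than specific folders.
BROAD = {"host", "host-os", "host-etc", "home"}
MODES = {"ro", "rw", "create"}

def parse_filesystems(metadata_text):
    """Return [(location, mode)] from the [Context] filesystems= key."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(metadata_text)
    raw = cp.get("Context", "filesystems", fallback="")
    grants = []
    for entry in (e.strip() for e in raw.split(";")):
        if not entry or entry.startswith("!"):
            continue  # "!home" revokes access; it is not a grant
        location, sep, mode = entry.rpartition(":")
        if not sep or mode not in MODES:
            location, mode = entry, "rw"  # no suffix means read-write
        grants.append((location, mode))
    return grants

def audit(metadata_text):
    """Flag broad grants: 'high' if writable, 'medium' if read-only."""
    return [(loc, mode, "medium" if mode == "ro" else "high")
            for loc, mode in parse_filesystems(metadata_text) if loc in BROAD]

# Constructed metadata for a hypothetical office suite with host access.
LAX_OFFICE = """\
[Application]
name=org.example.Office

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-run/gvfsd;
"""

# Constructed metadata for a hypothetical viewer with enumerated locations.
NARROW_VIEWER = """\
[Application]
name=org.example.Viewer

[Context]
filesystems=xdg-documents;/media:ro;!home;
"""

if __name__ == "__main__":
    for name, meta in (("office", LAX_OFFICE), ("viewer", NARROW_VIEWER)):
        print(name, audit(meta) or "no broad filesystem grants")
```
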



                  • #10
                    Originally posted by mirmirmir

                    Nah, I don't think distro packagers catch more bugs than other people. Problem in compiling process? Sure, but how the software is actually used, everyone has same chance to encounter a bug.
                    The OBS and openQA beg to differ.
