Originally posted by MadWatch
View Post
Announcement
Collapse
No announcement yet.
Ubuntu 24.10 To Enhance Snap Permissions Handling
Collapse
X
-
- Likes 9
-
Originally posted by MadWatch View PostNow if they could get rid of that annoying automatic update system then Snap might begin to be good.
- Likes 6
Comment
-
Originally posted by pWe00Iri3e7Z9lHOX2Qx View Post
I actually want my snap / flatpak apps to upgrade automatically. For flatpaks I end up creating a systemd timer to do it, but it would be nice if it was a built in option. When your web browser that is the largest attack surface on your machine is packaged this way, auto updates are a good thing.
- Likes 4
Comment
-
And it is pointless as flatpack has numerous sandbox problems, hint don't use it for security - it is just distribution tool.
- Likes 7
Comment
-
Originally posted by royce View Post
That's probably down to how the binaries were compiled for each flatpak and snap versions. Once they're running, there's basically zero overhead.
Comment
-
Originally posted by moonwalker View PostOur company actually develops a product based on Ubuntu, and Snap has been a major PITA for that. There are environments our product has to run in that don't have Internet access, yet still need to have regularly updated with any security fixes software, and Canonical has no solution for that right now other than selectively pulling specific packages from snap store and side-loading them into a standalone snap proxy instance. I've also heard Canonical claiming that shipping Firefox as a snap is Mozilla's requirement, but why does Mozilla then serve their own APT repo now? Either way, on my work laptop (where I run Ubuntu because our corp IT doesn't allow running Debian) I just have APT pin to set `snap` priority to -1, making sure it never gets installed once it is purged from the system.
- Likes 1
Comment
-
Originally posted by pWe00Iri3e7Z9lHOX2Qx View Post
I actually want my snap / flatpak apps to upgrade automatically. For flatpaks I end up creating a systemd timer to do it, but it would be nice if it was a built in option. When your web browser that is the largest attack surface on your machine is packaged this way, auto updates are a good thing.
I prefer to be notified of available updates and launch them myself, at a time that doesn't interrupt anything.
This is basically what happens on my Tumbleweed KDE.
- Likes 4
Comment
-
Originally posted by moonwalker View PostOur company actually develops a product based on Ubuntu, and Snap has been a major PITA for that. There are environments our product has to run in that don't have Internet access, yet still need to have regularly updated with any security fixes software, and Canonical has no solution for that right now other than selectively pulling specific packages from snap store and side-loading them into a standalone snap proxy instance. I've also heard Canonical claiming that shipping Firefox as a snap is Mozilla's requirement, but why does Mozilla then serve their own APT repo now? Either way, on my work laptop (where I run Ubuntu because our corp IT doesn't allow running Debian) I just have APT pin to set `snap` priority to -1, making sure it never gets installed once it is purged from the system.
If your machines don't have Internet access then the need for security updates is quite low to be frank. That said, this is an issue regardless of you use snap, any other container format or rpm/apt. And Snap have a download function so you can download the snaps on an Internet connected machine and then transfer the files to the non Internet connected machine via say a flash drive and then install it locally with "snap install /path/to/the/snap", so exactly like you would do it with apt or rpm.
Originally posted by AkulaMD View Post
I see. So there's basically no performance penalty running an app through Snap/Flatpak compared the the native installation? Thank you very much for sharing the info and confirming what I've heard from some other users.Last edited by F.Ultra; 11 September 2024, 03:54 PM.
- Likes 2
Comment
Comment