Ubuntu 24.10 To Enhance Snap Permissions Handling

  • #21
    Originally posted by royce View Post
    It seems like you should be using a different packaging mechanism than snap then.
    Originally posted by sarmad View Post
    Why don't you use AppImage instead?
    Note that I used the wording "product based on Ubuntu", not "product for Ubuntu". That means we ship the whole OS as part of our product, and thus don't have a lot of choice in the packaging formats the OS itself uses, lest we lose Canonical's support. For what it's worth, our own components are indeed packaged using traditional .deb format. Doesn't really help with the rest of the Snap SNAFU that we're responsible for as part of the product's OS core.


    • #22
      Originally posted by F.Ultra View Post
      Mozilla doesn't have their own APT repository, the repo is named "The Mozilla Team" because it is done by the Ubuntu Mozilla Team, aka this is a PPA provided by Ubuntu for those that prefer to use the apt over the Snap but in a way where Snap is the default and you have to jump through hoops to use the apt version.
      I see you missed the memo
      Originally posted by F.Ultra View Post
      If your machines don't have Internet access then the need for security updates is quite low to be frank. That said, this is an issue regardless of whether you use snap, any other container format or rpm/apt. And Snap has a download function so you can download the snaps on an Internet connected machine and then transfer the files to the non Internet connected machine via say a flash drive and then install it locally with "snap install /path/to/the/snap", so exactly like you would do it with apt or rpm.
      Internet connectivity is not the only reason to make sure all CVEs are addressed; there are plenty of possible environment configurations where security is a very high concern despite the whole network being airgapped from the larger wide web. Ever heard of defense in depth?

      With APT/DNF repositories it is fairly trivial to mirror them wholesale, as they are just static file directory structures. Whereas Snap Store is a whole application server requiring a database and other components, and it is still not open by itself; you can only have an isolated deployment of snap store proxy, which is NOT the same as the actual snap store. And while snap store proxy can operate in isolated mode, even making sure that it contains just the absolutely necessary packages available and up-to-date is not exactly trivial. Worse yet, what you suggest with using a flash drive is frankly childish - that may work for a family-sized deployment or a small business the size of a mom-and-pop shop, but it's a complete non-starter for an actual product being sold to a significant enough number of large enough customers to justify the expense of developing and maintaining it.


      • #23
        Originally posted by hyperchaotic View Post
        Good, this is sorely needed for Snap and Flatpak.
        Should have been done LONG AGO


        • #24
          Originally posted by pWe00Iri3e7Z9lHOX2Qx View Post

          I actually want my snap / flatpak apps to upgrade automatically. For flatpaks I end up creating a systemd timer to do it, but it would be nice if it was a built-in option. When your web browser that is the largest attack surface on your machine is packaged this way, auto updates are a good thing.
          I agree BUT it should be a conscious choice by the end user through a Settings screen to enable it.

          After all, the user does know what THEY want, right? So they should be the one to decide if the feature will be used or not.

          I know there are some out there that will whine: THAT'S TOO MUCH WORK I GOTZ ENOUGH TO SETUP ALREADY ... so my response is: Use Windoze instead.


          • #25
            Originally posted by woddy View Post

            On the contrary, I hate automatic updates, because they can interrupt my workflow.
            I prefer to be notified of available updates and launch them myself, at a time that doesn't interrupt anything.
            This is basically what happens on my Tumbleweed KDE.
            They don't interrupt anything on Ubuntu. The way they work is that while you have the application open, it won't update, but then it will if you close it or reboot the system.


            • #26
              Originally posted by AkulaMD View Post

              I see. So there's basically no performance penalty running an app through Snap/Flatpak compared to the native installation? Thank you very much for sharing the info and confirming what I've heard from some other users.
              There may be a slight performance penalty for reading any files included in the package. Unless it changed recently, this will be more for Snap because it uses a loopback mount, whereas Flatpak is just sandboxed bind mounts.

              But minimal.


              • #27
                Originally posted by geerge View Post
                Canonical really improved my snap experience when they convinced me to switch to Fedora to avoid snaps.
                Don't you say? I switched from Kubuntu to Fedora for exactly the same reason years ago...
                Phantom circuit Sequence Reducer Dyslexia


                • #28
                  Originally posted by AkulaMD View Post
                  Glad to hear the news. As a Linux user with a beginner level of proficiency, the thing I like about Snap as opposed to Flatpak is that it gives me an extra 1 fps in the OpenRA game (30fps vs 29fps) while running on my Raspberry Pi 5 4GB RAM version, despite the noticeably longer time taken to launch the game compared to Flatpak.
                  The 1 FPS difference could be a statistical error.
                  Phantom circuit Sequence Reducer Dyslexia


                  • #29
                    Originally posted by moonwalker View Post
                    Note that I used the wording "product based on Ubuntu", not "product for Ubuntu". That means we ship the whole OS as part of our product, and thus don't have a lot of choice in the packaging formats the OS itself uses, lest we lose Canonical's support. For what it's worth, our own components are indeed packaged using traditional .deb format. Doesn't really help with the rest of the Snap SNAFU that we're responsible for as part of the product's OS core.
                    It's time for business and people to understand that a distro like Ubuntu with Microsoft money inside is not in their best interest.

                    Switch to Debian or Fedora or Rocky Linux... I did switch from Kubuntu to Fedora years ago.
                    Phantom circuit Sequence Reducer Dyslexia


                    • #30
                      Originally posted by varikonniemi View Post

                      and the mount point spam
                      I don't understand why so many users complain about this. Why are many mount points a problem? Honest question, not trolling.
