On Thu, 16 Jun 2016 15:27:29 +0000 (UTC) James wrote:
> José Maldonado <josemald89 <at> gmail.com> writes:
>
> > In the last few days, ArsTechnica published this news:
> >
> > http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
> >
> > "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
> > Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
> > Canonical's announcement says. "They are currently being validated on
> > CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
> > easy to enable on other Linux distributions." (Ubuntu will continue to
> > support deb packages, but developers can choose to package applications
> > as snaps instead of or in addition to debs.)"
> >
> > Gentoo is officially supporting Snap packages? Why not Flatpak?
> >
> > Thank you very much for your responses! Bye! :)
> >
>
> One word SECURITY? Trust but verify does come to mind.

+1
It looks like C:/Program Files/ for Linux to me.

It is a complete bundle with all dependency libs, thus
vulnerabilities can't be fixed by a regular emerge and users will
need to update _each_ snap separately. If updates are
available, that is, but likely they will not be, at least not in time.

I'm not talking about tremendous RAM waste (due to shared objects
duplication) and disk space waste as well. Both of them can be
mitigated by deduplication of RAM and disk pages, but this will eat
lots of CPU and users should be quite advanced to do that.

> Containers are not exactly the most secure apparatus, imho.
> "Clair is an open source project for the static analysis of vulnerabilities
> in appc and docker containers." [1]. So, I want to hear about the robustness
> of the security on these 'self contained' packages.

There is a security audit of the snap already available:
http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html

It is quite lengthy, but worth reading.
Tl;dr: if you care about the security of your box, stay away from this
stuff.

Best regards,
Andrew Savchenko
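
The point made in this reply, that every bundle carries its own copies of its dependency libraries and each copy has to be updated separately, can be checked on a given machine. The script below is an added example, not part of the original message or of any project mentioned in it: it inventories shared libraries under a directory of unpacked bundles and lists those shipped by more than one bundle. The `/snap` default root, the one-directory-per-bundle layout and the function names are assumptions.

```python
import hashlib
import os
import re
import sys
from collections import defaultdict

# libssl.so.1.0.0 -> base name "libssl"; the version suffix is optional
SO_NAME = re.compile(r"^(lib.+?)\.so((?:\.\d+)*)$")

def bundled_libraries(root):
    """Map library base name -> {bundle name -> set of (file name, sha256)}."""
    inventory = defaultdict(lambda: defaultdict(set))
    if not os.path.isdir(root):
        return inventory
    for bundle in sorted(os.listdir(root)):
        bundle_dir = os.path.join(root, bundle)
        if not os.path.isdir(bundle_dir):
            continue
        # os.walk does not follow directory symlinks by default, so a
        # "current" -> revision link is not counted a second time.
        for dirpath, _dirs, files in os.walk(bundle_dir):
            for name in files:
                match = SO_NAME.match(name)
                path = os.path.join(dirpath, name)
                # Skip libfoo.so -> libfoo.so.1 style links: same file twice.
                if not match or os.path.islink(path):
                    continue
                with open(path, "rb") as handle:
                    digest = hashlib.sha256(handle.read()).hexdigest()
                inventory[match.group(1)][bundle].add((name, digest))
    return inventory

def duplicated(inventory):
    """Libraries shipped by more than one bundle: (name, bundles, distinct builds)."""
    rows = []
    for lib, bundles in sorted(inventory.items()):
        if len(bundles) > 1:
            builds = {digest for copies in bundles.values() for _n, digest in copies}
            rows.append((lib, sorted(bundles), len(builds)))
    return rows

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/snap"  # assumed default
    for lib, bundles, builds in duplicated(bundled_libraries(root)):
        print(f"{lib}: bundled by {', '.join(bundles)} ({builds} distinct builds)")
```

A library reported with more than one distinct build is present in several versions at once, none of which the distribution's package manager tracks.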