On Thu, Jul 11, 2019 at 8:22 AM Richard Hughes <hughsi...@gmail.com> wrote:
>
> Hi all,
>
> In Fedora 31 I'll be disabling the snap plugin from GNOME Software.
> It's never been enabled in RHEL and so this change only affects
> Fedora. It's also not installed by default and so this change should
> only affect a few people. It's also not really a FutureFeature, it's a
> RemovalOfFeature but I'm happy to write something for the process and
> release notes if required.
>
> Recently Canonical decided that they are not going to be installing
> gnome-software in the next LTS, preferring instead to ship a "Snap
> Store by Canonical" rather than GNOME Software. The new Snap store
> will obviously not support Flatpaks (or packages, or even firmware
> updates for that matter). The developers currently assigned to work on
> gnome-software have been reassigned to work on Snap Store, and I'm not
> confident they'll be able to keep both the old and new codebases in
> the air at the same time.
>

This is completely news to me. As far as I knew, Canonical was still
actively committed to maintaining the snap plugin upstream and
advancing it as a solution for distro integration for snaps in
non-Ubuntu distributions.

My understanding of the situation was that Canonical is working on a
separate experience tailored for Ubuntu because they have extra needs,
but all of it was built on GNOME Software in the first place.

> As you might know, enabling the snap plugin also enables the "Snap
> Store" which seemingly violates the same rules which prevent us
> installing Flathub by default (enabling access to nonfree software,
> and software with patent restrictions). Without the Snap Store the
> snap support is pretty useless, as snapd is so tied to the snapcraft
> ecosystem, and because you can't actually run your own instance of the
> snap store, unlike Flatpak.
>

My opinion on this is that because we don't ship the plugin or snapd
by default on any variant of Fedora, we don't really run counter to
the rules. If there's something more specific you'd like for the snap
integration in Fedora to do, that can be discussed separately and
please talk to me off-list about it.

> The existing snap plugin is not very well tested and I don't want to
> be the one responsible when it breaks. At the moment enabling the snap
> plugin causes the general UX of gnome-software to degrade, as all
> search queries are also routed through snapd rather than being handled
> in the same process. The design of snapd also means that packages just
> get updated behind gnome-software's back, and so it's very hard to do
> anything useful in the UI, or to make things like metered data work
> correctly. There's also still no sandboxing support years after it was
> promised, which means on Fedora running a snap is no more secure than
> "wget -O - URL | bash", again much unlike Flatpak.
>

This actually hasn't been true for almost a year (snapd has seccomp
and other filters in place), and in the last few months, we've rolled
out *very basic* SELinux support into snapd. Today, snaps are
sandboxed through the snapd-selinux policy, which generally confines
snaps to only interacting with each other, and select holes for system
integration.

We've been working very hard upstream on improving this story for
Fedora, and we've made tremendous progress.

> I appreciate this is going to be controversial, and that some people
> want snap support turned back on in GNOME Software. My answer there
> would be that I'm perfectly happy with someone creating a new
> gnome-software-snap top-level package (plugins in gnome-software are
> just runtime loaded .so objects, rather than all compiled together)
> and then they're responsible for keeping it up to date with any plugin
> ABI breaks in gnome-software upstream (usually once per GNOME cycle)
> and for any API or behaviour changes in snapd-glib. Basically, as long
> as it's not my email that gets pinged by bugzilla when it breaks it's
> fine. There was some suggestion that upstream we'd remove the snap
> plugin completely, but I think it will remain until we see if snap
> support improves or deteriorates further.
>

Would it make sense for Zygmunt and Maciek (CC'd to this email) to be
added as CC contacts on Bugzilla, so they can address snap plugin
issues when they arise?

> Comments welcome, but anyone who insults me or insists I do more work
> than I'm doing now will be ignored.
>

I'm just generally confused about this, and somewhat blindsided...
I wish someone had looped *me* into these conversations, as one of the
snap support maintainers in Fedora, I'm relying on these things to
provide a good experience for Fedora users of snaps...




--
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
