On Thu, 16 Jun 2016 15:27:29 +0000 (UTC) James wrote:
> José Maldonado <josemald89 <at> gmail.com> writes:
> >
> > The last days, ArsTechnica publish this new:
> >
> > http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/
> >
> > "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu,
> > Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu,"
> > Canonical's announcement says. "They are currently being validated on
> > CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are
> > easy to enable on other Linux distributions." (Ubuntu will continue to
> > support deb packages, but developers can choose to package applications
> > as snaps instead of or in addition to debs.)"
> >
> > Gentoo is supporting officially Snap packages? Why not Flatpak?
>>
>> Thank you very much for your responses! Bye! :)
>>
>
> One word SECURITY? Trust but verify does come to mind.

+1

It looks like C:/Program Files/ for Linux to me. It is a complete
bundle with all dependency libs, thus vulnerabilities can't be fixed
by a regular emerge and users will need to update _each_ snap
separately. If updates will be available, but likely they will not
be, at least not in time.

I'm not talking about tremendous RAM waste (due to shared objects
duplication) and disk space waste as well. Both of them can be
mitigated by deduplication of RAM and disk pages, but this will eat
lots of CPU and users should be quite advanced to do that.

> Containers are not exactly the most secure apparatus, imho.
> "Clair is an open source project for the static analysis of vulnerabilities
> in appc and docker containers." [1]. So, I want to hear about the robustness
> of the security on these 'self containerd packages.

There is a security audit of the snap already available:
http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html

It is quite lengthy, but worth reading. Tl;dr: if you care about
security of your box, stay away from this stuff.

Best regards,
Andrew Savchenko