From the snaps website:  Easily find and install new applications or remove existing installed applications with the Snap Store snap.  End quote.

Snaps and snapcraft are from Canonical, i.e., Ubuntu.  The site appears legitimate, and appears to mostly support "apps" that are not typical on an EL machine, but are typical on consumer machines.  I have learned to "trust" the standard repos upon which many SL users rely -- SL itself as well as epel and elrepo -- for having clean RPMs (no malware, spyware, compromises other than the security defects that are intrinsic to however the software is implemented and are regularly patched with updated releases).  It appears from others who use the equivalent deb files from Ubuntu LTS (Canonical) that similar sanitation is applied by Canonical. However, snaps seems to have large numbers of independent authors, similar to the add-ons one can get for Mozilla applications (and for "smart phone" apps, etc.).  The question is not only the functionality, but also whether or not Canonical has sufficiently vetted the applications for cleanliness.  Hence, my question to this list.

If RHEL, Oracle EL, or SL provided compromised downloads -- as EL is used by large professional/commercial entities around the world -- there would be issues noticed and raised from such entities. Evidently, Ubuntu LTS is used in a similar fashion to EL. (Obviously, a poorly informed person who accepts software from an unvetted source or "pirated" or "cracked" software is open to such compromises.)  Canonical is a competitor to the pre-IBM Red Hat with a different business model (Ubuntu LTS does not require a license to get it in binary installable form, and thus does not require a SL solution to get EL at "no cost" -- although there are such solutions from other Ubuntu/Debian based distros).

Stay safe.  Take care.

Yasha Karant

On 4/24/20 11:24 PM, Andrew C Aitchison wrote:
On Sat, 25 Apr 2020, Nico Kadel-Garcia wrote:

On Sat, Apr 25, 2020 at 1:38 AM Yasha Karant <ykar...@csusb.edu> wrote:

Does anyone know how secure (safe, not malware, spyware, etc.) is Snaps? Please see below.  Certain applications that are not available for EL but
from other distros, particularly Ubuntu, evidently can be installed via
Snaps.  Epel is a standard EL repo, but Snaps is not.


Never heard of them. This does not bode well. "Containerized packages"
hints that they're docker based and will "solve packaging" sounds like... somebody reading Ayn Rand, or Karl Marx, and thinks they learned economics.
Having actually packaged and configured various software, I'm deeply
suspicious that they did the easy part and sell that.

I tried snaps briefly on a home Ubuntu (19.04 IIRC) machine.
I don't remember whether they were docker or singularity, but they definitely were containers and each "package" was a file that
was (loop-back?) mounted under /snap (or /snaps).

However I had to abandon them almost immediately as they didn't
support my particular home directory. For possibly good reasons
homedirs have to be /home/<username> and not symbolic links.
(For reasons of dual boot and having added a second disk my home dir was a sym-link). That struck me as a potentially significant limitation for institutional use: in my experience automounters often result in sym-linked homedirs.
