hi, Am Sonntag, den 10.07.2016, 17:11 +0200 schrieb Ralf Mardorf: > Hi, > > there's an interesting counter-argument against something similar to > snapcraft/snappy. > > https://lists.archlinux.org/pipermail/arch-general/2016-July/041579.h > tml
well, this is about flatpack not snappy ... comparing apples with peas ... ;) snappy uses completely different confinement mechanisms (apparmor, seccomp, packages being 100% readonly, the exec env being readonly etc), and while it is true that shipped dependencies of an app can actually be compromised, the confinement will save you from ill effects on your system through that. yes, one app *can* have a compromised libssl in the snap, but that security breach will exactly only apply to that one app, there is no way for it to affect the system or any other apps (unless the user told it to by enabling any cross snap interfaces) if your kernel would be broken enough to actually circumvent the used security mechanisms above, i guess issues in snap packages would be the least of your problems :) ciao oli
signature.asc
Description: This is a digitally signed message part
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss