hi, Am Sonntag, den 10.07.2016, 17:11 +0200 schrieb Ralf Mardorf: > Hi, > > there's an interesting counter-argument against something similar to > snapcraft/snappy. > > https://lists.archlinux.org/pipermail/arch-general/2016-July/041579.h > tml
well, this is about flatpack not snappy ... comparing apples with peas
... ;)
snappy uses completely different confinement mechanisms (apparmor,
seccomp, packages being 100% readonly, the exec env being readonly
etc), and while it is true that shipped dependencies of an app can
actually be compromised, the confinement will save you from ill effects
on your system through that.
yes, one app *can* have a compromised libssl in the snap, but that
security breach will exactly only apply to that one app, there is no
way for it to affect the system or any other apps (unless the user told
it to by enabling any cross snap interfaces)
if your kernel would be broken enough to actually circumvent the used
security mechanisms above, i guess issues in snap packages would be the
least of your problems :)
ciao
oli
signature.asc
Description: This is a digitally signed message part
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
