124
Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System
(www.aquasec.com)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
Only appimages follow that model and the problem being solved is real and has nothing to do with any of that. The problem being solved is the huge amount of wasted work that distributions do by having to package and support every single project in existence for their various targets. Giving developers a single target like the freedesktop.org runtimes (in the case of flatpaks) and having them package and support applications is a much simpler and more efficient model.
I should maybe have explained one detail better.
It absolutely does. Because the answer for the noobs used to be:
"Just install from your distro's repo. If you need help, ask others who run your distro about how to do it properly. Do NOT go and just google for something and install it, nor compile from source until you are experienced enough to make an informed choice to do so." That advice would sidestep so many headaches for noobs and for folks trying to help noobs.
But now that last part is:
"Stay within your distros repos unless you want to use snaps. Of course, if you are going to use snaps, here are these things you should know. You could also probably find a flatpak for many things, so you can try that, but now here's some things you should know about flatpak. Appimage is also an option, and you can probably find an appimage for some software, but appimage also has some things you should know about how it works and how to integrate it with your system. You should also understand the pros and cons of each of those options with regard to security, and also how that detail compares against just using software from your distro's repos."
My eyes glazed over just typing that. That's not going to help a confused noobie.
A noob shouldn't have to think about any of this. They would install from gnome software or discover and not know the difference between flatpaks or rpms or debs.
I suppose that sounds great, but every time I see a thread where folks complain about these various packaging formats, I'm just really happy I don't use any of them on my system. All I see in these discussions are user-level problems that I don't ever have due to avoiding them entirely. One day when I can't run a distro that doesn't use them I suppose I'll have no choice, but until then... We clearly seem NOT to have settled on a single target, so I don't know why I'd voluntarily wade into all that as a user while it's still not settled.