linuxmemes

20703 readers

2504 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

197

Snap bad (midwest.social)

submitted 13 hours ago by [email protected] to c/[email protected]

35 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 6 points 8 hours ago (1 children)

Well, that's your problem for not understanding the massive difference, not mine.

[–] [email protected] 5 points 7 hours ago (1 children)

If you don't want to explain, you're perfectly welcome to not explain. But saying what amounts to "if you don't know I'm not telling you", especially when you weren't specifically asked, is a pretty unkind addition to the conversation.

[–] [email protected] 8 points 7 hours ago (1 children)

One selects a different package, same source repo.

The other completely changes the installation, invisibly to the user, potentially introducing vulnerabilities.

Such as what they did with Docker, which I found less than hilarious when I had to clean up after someone entirely because of this idiocy.

The differences seem quite clear.

[–] [email protected] 1 points 6 hours ago (1 children)

In both cases, the packages are owned by the same people? (Fun fact: mozilla actually owns both the Firefox snap and the firefox package in the Ubuntu repos.) I'm non sure how that "potentially introduces vulnerabilities" any more than "having a package which has dependencies" does.

I'm not sure what you're referring to with Docker. Canonical provides both the docker.io package in apt and the docker snap. Personally I use the snap on my machine because I need to be able to easily switch versions for my development work.

[–] [email protected] 3 points 6 hours ago (1 children)

Because the separate installation means you can actually end up with both an apt installed and a snap installed.

My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto.

Yes, canonical provides both. Guess what? They screwed up, and introduced several vulnerabilities, and you ended up with both a snap and apt installed docker.

The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

[–] [email protected] 1 points 4 hours ago

Because the separate installation means you can actually end up with both an apt installed and a snap installed.

This is something that can happen any time you have multiple package managers or even multiple repositories in the same package manager. Google's official Chrome apt repo has debs for google-chrome-stable, google-chrome-beta and google-chrome-unstable, quite intentionally.

My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto

Can you provide a link to a source about that? I can't find anything about it.

and you ended up with both a snap and apt installed docker

If you installed both the docker.io package from apt and the docker snap, yes you wound up with both. Just as if you install both google-chrome-stable and chromium you'll end up with two packages of (almost) the same browser.

The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

Then I'm gonna ask that you elaborate what specific problem you're trying to explain here, because these seem pretty contradictory.