350

Snap bad(midwest.social)

posted
by
Avatar
lengau@midwest.social
in
Avatar
linuxmemes@lemmy.world
80 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
lengau@midwest.socialOP
14 points

If you don’t want to explain, you’re perfectly welcome to not explain. But saying what amounts to “if you don’t know I’m not telling you”, especially when you weren’t specifically asked, is a pretty unkind addition to the conversation.

permalink
report
parent
reply
Avatar
curbstickle@lemmy.dbzer0.com
19 points

One selects a different package, same source repo.

The other completely changes the installation, invisibly to the user, potentially introducing vulnerabilities.

Such as what they did with Docker, which I found less than hilarious when I had to clean up after someone entirely because of this idiocy.

The differences seem quite clear.

permalink
report
parent
reply
Avatar
lengau@midwest.socialOP
0 points

In both cases, the packages are owned by the same people? (Fun fact: mozilla actually owns both the Firefox snap and the firefox package in the Ubuntu repos.) I’m non sure how that “potentially introduces vulnerabilities” any more than “having a package which has dependencies” does.

I’m not sure what you’re referring to with Docker. Canonical provides both the docker.io package in apt and the docker snap. Personally I use the snap on my machine because I need to be able to easily switch versions for my development work.

permalink
report
parent
reply
Avatar
curbstickle@lemmy.dbzer0.com
6 points

Because the separate installation means you can actually end up with both an apt installed and a snap installed.

My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto.

Yes, canonical provides both. Guess what? They screwed up, and introduced several vulnerabilities, and you ended up with both a snap and apt installed docker.

The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

permalink
report
parent
reply
Show more comments
Avatar
macniel@feddit.org
1 point
Deleted by creator
permalink
report
parent
reply

linuxmemes

!linuxmemes@lemmy.world

Create post

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules
2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of “peasantry” to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
4. No recent reposts
  • Everybody uses Arch btw, can’t quit Vim, and wants to interject for a moment. You can stop now.

 

Please report posts and comments that break these rules!

Important: never execute code or follow advice that you don’t understand or can’t verify, especially here. The word of the day is credibility. This is a meme community – even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don’t fork-bomb your computer.

Community stats

  • 6.5K

    Monthly active users

  • 1.1K

    Posts

  • 24K

    Comments

Community moderators