by Chyzwar 1712 days ago
If you want to solve security, portability, and distribution in a proper way, you will end up with something similar.

Security: Snaps run in a sandbox by default and have proper support for system permissions. They are installed in the user's home directory. There is a central store that allows for reporting and regularly performs security scanning.

Portability: Snaps work on most distros. They allow a build-once, distribute-everywhere model. You no longer need to build multiple packages for every package manager in the universe. They make building software for Linux easy[1]. I remember doing rpm to deb conversion, installing from source and running stuff in VM/docker.

Distribution: Most distros do not accept proprietary apps. Most importantly, you are no longer at the mercy of distro maintainers deciding when you can release your own software. Because your snaps are portable, your users will get updates even if they are on an older distro. Hopefully no more PPA hell that can brick your system.

[1] https://www.electronjs.org/docs/latest/tutorial/snapcraft

2 comments

> Portability: Snaps work on most distros.

The sandbox doesn't work on any distros that aren't using the latest AppArmor, such as Fedora and derivatives.

Flatpak tries to solve the same problem at least for desktop apps, but with a few key differences:

- The sandbox is implemented entirely using user namespaces, not using AppArmor or SELinux, hence works on basically any modern distro.

- The user remains firmly in the driver's seat in terms of when applications get updated. Yes, you can enable automatic updates, but unlike with snaps, you can also opt out.

Others have met these requirements with better integration, UI, etc. See sibling comment for one.