• echo64@lemmy.world
    link
    fedilink
    arrow-up
    56
    arrow-down
    18
    ·
    edit-2
    8 months ago

    I know we all like to hate on canonical for literally any reason, but this happens with every single software repository that is not a closed garden and some that are.

    And yeah, it’s sandboxed, so the damage is far, far less than it could be.

    • RegalPotoo@lemmy.world
      link
      fedilink
      English
      arrow-up
      61
      arrow-down
      1
      ·
      8 months ago

      Given that the snap store is a closed source proprietary component, I’d argue that snaps are a walled garden

    • trevor@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      54
      ·
      8 months ago

      Sandboxing does nothing for social-engineering attacks, which is what many of the malicious snaps were designed for.

      And the thing that makes the Snap Store uniquely bad is that there’s no human review. Anyone can throw up a malicious snap, and there are very good odds that it’ll get served there. Even the Flathub, a community-run project, has human reviews before new apps get published. Canonical, despite having money and resources that community projects don’t, can’t seem to be bothered to take basic steps to protect their users.

    • Destide@feddit.ukOP
      link
      fedilink
      English
      arrow-up
      15
      ·
      8 months ago

      I think the main issue here is they are telling users the software is safe without any due diligence.

    • ryannathans
      link
      fedilink
      arrow-up
      4
      ·
      8 months ago

      Closed garden has the same problem too, it’s not immune

      • RickRussell_CA@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        I’ve been using Ubuntu for years and I literally had no idea. Admittedly, I don’t deal with servers or anything, so I guess some of the stuff coming from their package respositories could be “snap” format and I wouldn’t really notice.

        • Captain Aggravated@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          8 months ago

          Actually yes, this is exactly the case. And they’ve done it in a really shady way if you ask me (or Clem, the main guy over at Linux Mint).

          I’ve been using Fedora on a little tablet I’ve got, and it uses either .rpm packages or flatpaks. The GUI package manager lets you select which repository it pulls from (either .rpm, or Flapaks can come from Flathub or their own repo, and clearly displays this). If invoked from the terminal, the DNF package manager gets you .rpms, and Flatpak gets you, well, flatpaks.

          Ubuntu uses the APT package manager with .deb packages, and Snap with snap packages. But sometimes if you do an apt-get install, it installs a snap instead. That’s some Microsoft level bullshit.

    • XEAL@lemm.ee
      link
      fedilink
      arrow-up
      8
      arrow-down
      1
      ·
      8 months ago

      Snaps are containerised software packages.

      They include all of the dependencies for the software to work.

      In my case, I use them when what I’m looking for is not available via apt but it is via snap.