Snapcraft



Vrai

Active Member
Hello everybody!!!
What do you think about Snapcraft?
I like the idea of 'Snaps' and 'Flatpaks' but I have some serious reservations.
The problem lies in the curation. While I am sure Ubuntu tries to keep an eye on the Snaps in the Snapcraft Store - there exists the very
plausible possibility of a malicious Snap finding it's way in. How can one be assured of the packages integrity? The same goes for Flatpaks and PPA's. I searched for methods of assuring the integrity of PPA's and found none - other than 'reputation'.

It's quite frustrating when the newest version of an app is available as a Snap but is not in the 'official' repos.
But for now I tend to stick with official repos of my distro.

What am I missing here? There must be a way of curating these package stores which can provide some assurance to the user.

One other thing I noticed regarding Flatpaks - installing a Flatpak app brings in a 'crap-ton' of cruft - in the range of multiple gigabytes.
SMH

One other concern I have - it seems to me that teaching Linux users to install software from here, there, and everywhere is setting up a situation similar to the Windows 'download sites' where users happily click away on install this and install that and end up getting themselves into trouble.

Perhaps I worry too much.
 

TechnoJunky

Well-Known Member
I'm with you Vrai. I've read all over to install this load this PPA. And it looks like it's someone's personal server. It's great that they've written this app or whatever, but how are we to know it was written well and doesn't contain any malware? And you said it, having it like this makes it like Windows downloads. If you install malware using root privileges, you have malware running as root.
With few exceptions I only download from the official repositories.
 

wizardfromoz

Super Moderator
Staff member
Gold Supporter
I'll verge a little off-topic here since @Vrai and @TechnoJunky have opened the door, and then we'll shut the door behind me and Capta can continue being "snappy", OK with you, Capta? :)

On the subject of PPAs, and this for The Viewers, perhaps, over and beyond what the people here may likely know.

Back next Post, gotta run some updates.

Wiz
 

wizardfromoz

Super Moderator
Staff member
Gold Supporter
Personal Package Archives for Ubuntu


Personal Package Archives (PPA) allow you to upload Ubuntu source packages to be built and published as an apt repository by Launchpad. You can find out more about PPAs and how to use them in our help page.

Search user-contributed software packages published in any Ubuntu PPA.
launchpad.net is a site founded by Ubuntu some years ago, and it is here that many PPAs reside. SourceForge may have some involvement as well.

PPAs are an invention of Ubuntu (and are thus accessible from Linux Mint and others), and although Ubuntu is based on Debian, Debian itself and its derivatives such as antiX and MX-series eg MX-18, do NOT support the use of PPAs.

That being said, even if you get a warning about an "untrusted PPA", if that software is aready included, by the same author, in your Distro, you can trust it.

Most notable examples are
  1. Timeshift and
  2. Unetbootin
Timeshift is by Tony George, working out of India through teejeetech.in

Tony also produces Aptik, UKUU and many others, all available by applying his PPA. Timeshift itself ships installed now with Linux Mint, Linux Lite, and one Manjaro spinoff.

You can read my Thread on Timeshift here - https://www.linux.org/threads/timeshift-similar-solutions-safeguard-recover-your-linux.15241/

Unetbootin is produced for many years now by Geza Kovacs. It has been in the Repositories for Ubuntu, Linux Mint and the like, for probably 5 years or more that I am aware of.

An advantage to having a PPA installed is its being captured in your Synaptic Package Manager, and thus getting both the latest, plus updates.

With Unetbootin, for example, you might have v6.08 or 6.12 in your Repos, whereas the PPA provides for v6.67.

If you are in doubt about a PPA, start a Thread here on it, we can look into it.

Cheers, and back to snapcraft - thanks Capta :)

Wiz
 

Members online

No members online now.

Top