• lengau@midwest.socialOP
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    edit-2
    2 months ago

    Isn’t that kinda the same with, for example, Fedora and Flatpaks? Or Debian and debs? Or Ubuntu and debs? Or Fedora and rpms?

    The packaging system that your distro provides gets you the packages you get. For a small number of packages that were a maintenance nightmare, Ubuntu provides a transitional debs to move people over to the snaps (e.g. Firefox, Thunderbird), but if you want to get it from another repo, you can do exactly what KDE Neon does by setting your preferences.

      • lengau@midwest.socialOP
        link
        fedilink
        arrow-up
        0
        arrow-down
        1
        ·
        2 months ago

        I don’t understand how a transitional package that installs the snap (which is documented in the package description) is any different from a transitional package that replaces, say, ffmpeg with libav.

        $ apt show firefox
        Package: firefox
        Version: 1:1snap1-0ubuntu5
        Priority: optional
        Section: web
        Origin: Ubuntu
        Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam@lists.ubuntu.com>
        Bugs: https://bugs.launchpad.net/ubuntu/+filebug
        Installed-Size: 124 kB
        Provides: gnome-www-browser, iceweasel, www-browser, x-www-browser
        Pre-Depends: debconf, snapd (>= 2.54)
        Depends: debconf (>= 0.5) | debconf-2.0
        Breaks: firefox-dbg (<< 1:1snap1), firefox-dev (<< 1:1snap1), firefox-geckodriver (<< 1:1snap1), firefox-mozsymbols (<< 1:1snap1)
        Replaces: firefox-dbg (<< 1:1snap1), firefox-dev (<< 1:1snap1), firefox-geckodriver (<< 1:1snap1), firefox-mozsymbols (<< 1:1snap1)
        Task: ubuntu-desktop-minimal, ubuntu-desktop, kubuntu-desktop, kubuntu-full, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop, ubuntukylin-desktop, ubuntukylin-desktop, ubuntukylin-desktop-minimal, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop-minimal, ubuntu-budgie-desktop, ubuntu-budgie-desktop-raspi, ubuntu-unity-live, edubuntu-desktop-gnome-minimal, edubuntu-desktop-gnome, edubuntu-desktop-gnome-raspi, ubuntucinnamon-desktop-minimal, ubuntucinnamon-desktop
        Download-Size: 77.3 kB
        APT-Manual-Installed: no
        APT-Sources: http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
        Description: Transitional package - firefox -> firefox snap
         This is a transitional dummy package. It can safely be removed.
         .
         firefox is now replaced by the firefox snap.
        
          • lengau@midwest.socialOP
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            If you don’t want to explain, you’re perfectly welcome to not explain. But saying what amounts to “if you don’t know I’m not telling you”, especially when you weren’t specifically asked, is a pretty unkind addition to the conversation.

            • curbstickle@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              1
              ·
              2 months ago

              One selects a different package, same source repo.

              The other completely changes the installation, invisibly to the user, potentially introducing vulnerabilities.

              Such as what they did with Docker, which I found less than hilarious when I had to clean up after someone entirely because of this idiocy.

              The differences seem quite clear.

              • lengau@midwest.socialOP
                link
                fedilink
                arrow-up
                0
                ·
                2 months ago

                In both cases, the packages are owned by the same people? (Fun fact: mozilla actually owns both the Firefox snap and the firefox package in the Ubuntu repos.) I’m non sure how that “potentially introduces vulnerabilities” any more than “having a package which has dependencies” does.

                I’m not sure what you’re referring to with Docker. Canonical provides both the docker.io package in apt and the docker snap. Personally I use the snap on my machine because I need to be able to easily switch versions for my development work.

                • curbstickle@lemmy.dbzer0.com
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  2 months ago

                  Because the separate installation means you can actually end up with both an apt installed and a snap installed.

                  My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto.

                  Yes, canonical provides both. Guess what? They screwed up, and introduced several vulnerabilities, and you ended up with both a snap and apt installed docker.

                  The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

    • lime!@feddit.nu
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      the thing people dislike about that is that you’re silently moved from an open system to a closed-source one.

      Debian’s .deb hosting is completely open and you can host your own repository from which anyone can pull packages just by adding it to the apt config. fedora, suse, arch, same thing.

      only Canonical can host snaps, and they’re not telling people how the hosting works. KDE seems to upload their packages to the snap store for Neon, judging from their page.

      also, crucially, canonical are not the ones doing the maintenance for those apt packages. the debian team does that.

      • MajorHavoc@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 months ago

        the thing people dislike about that is that you’re silently moved from an open system to a closed-source one.

        Yeah. I didn’t realize I had fallen for it until I tried to automate a system rebuild, and discovered that a bunch of the snap back end seems to be closed and proprietary.

        And a lot of it for no reason. Reasonable apt and flatpak alternates existed, but Canonical steered me to their closed repackaged versions.

    • Laurel Raven@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      Fedora with Flatpaks is open and up front about whether you’re getting a Flatpak or a system installed package, and lets you choose if both are available. And installing through dnf/yum isn’t going to do anything at all with Flatpak.

      And what about Debian with debs? That’s literally what apt was designed to work with. If it gave you Flatpaks, or the flatpak command installed debs, that would be more like what Ubuntu is doing.

      The fact that Canonical shoehorned snaps into apt is the problem. I’ve heard bad things about snap, but I wouldn’t know because I’ve never used it, and I never will because of this.

      When I tell my computer to do one thing and it does something completely different without my consent, that is a problem, and is why I left Windows. I don’t need that in Linux too, and Canonical has proven they can’t be trusted not to do that.