• lengau@midwest.socialOP
      link
      fedilink
      arrow-up
      0
      arrow-down
      1
      ·
      2 months ago

      I don’t understand how a transitional package that installs the snap (which is documented in the package description) is any different from a transitional package that replaces, say, ffmpeg with libav.

      $ apt show firefox
      Package: firefox
      Version: 1:1snap1-0ubuntu5
      Priority: optional
      Section: web
      Origin: Ubuntu
      Maintainer: Ubuntu Mozilla Team <ubuntu-mozillateam@lists.ubuntu.com>
      Bugs: https://bugs.launchpad.net/ubuntu/+filebug
      Installed-Size: 124 kB
      Provides: gnome-www-browser, iceweasel, www-browser, x-www-browser
      Pre-Depends: debconf, snapd (>= 2.54)
      Depends: debconf (>= 0.5) | debconf-2.0
      Breaks: firefox-dbg (<< 1:1snap1), firefox-dev (<< 1:1snap1), firefox-geckodriver (<< 1:1snap1), firefox-mozsymbols (<< 1:1snap1)
      Replaces: firefox-dbg (<< 1:1snap1), firefox-dev (<< 1:1snap1), firefox-geckodriver (<< 1:1snap1), firefox-mozsymbols (<< 1:1snap1)
      Task: ubuntu-desktop-minimal, ubuntu-desktop, kubuntu-desktop, kubuntu-full, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop, ubuntukylin-desktop, ubuntukylin-desktop, ubuntukylin-desktop-minimal, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop-minimal, ubuntu-budgie-desktop, ubuntu-budgie-desktop-raspi, ubuntu-unity-live, edubuntu-desktop-gnome-minimal, edubuntu-desktop-gnome, edubuntu-desktop-gnome-raspi, ubuntucinnamon-desktop-minimal, ubuntucinnamon-desktop
      Download-Size: 77.3 kB
      APT-Manual-Installed: no
      APT-Sources: http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
      Description: Transitional package - firefox -> firefox snap
       This is a transitional dummy package. It can safely be removed.
       .
       firefox is now replaced by the firefox snap.
      
        • lengau@midwest.socialOP
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          If you don’t want to explain, you’re perfectly welcome to not explain. But saying what amounts to “if you don’t know I’m not telling you”, especially when you weren’t specifically asked, is a pretty unkind addition to the conversation.

          • curbstickle@lemmy.dbzer0.com
            link
            fedilink
            arrow-up
            1
            ·
            2 months ago

            One selects a different package, same source repo.

            The other completely changes the installation, invisibly to the user, potentially introducing vulnerabilities.

            Such as what they did with Docker, which I found less than hilarious when I had to clean up after someone entirely because of this idiocy.

            The differences seem quite clear.

            • lengau@midwest.socialOP
              link
              fedilink
              arrow-up
              0
              ·
              2 months ago

              In both cases, the packages are owned by the same people? (Fun fact: mozilla actually owns both the Firefox snap and the firefox package in the Ubuntu repos.) I’m non sure how that “potentially introduces vulnerabilities” any more than “having a package which has dependencies” does.

              I’m not sure what you’re referring to with Docker. Canonical provides both the docker.io package in apt and the docker snap. Personally I use the snap on my machine because I need to be able to easily switch versions for my development work.

              • curbstickle@lemmy.dbzer0.com
                link
                fedilink
                arrow-up
                1
                ·
                2 months ago

                Because the separate installation means you can actually end up with both an apt installed and a snap installed.

                My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto.

                Yes, canonical provides both. Guess what? They screwed up, and introduced several vulnerabilities, and you ended up with both a snap and apt installed docker.

                The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.