snap is a total failure, drop it

[jschwender]

Nothing works with this crab idea of container formats. System integration fails, hardware specific things like cuda use is a nightmare to install, the container idea itself is a complete failure. In theory life for the packet maintainer gets easier. In reality it is nothing but work and problems shifted to the end user. That is a fundamentally bad idea!

DROP SNAP and all the other container crab!!!!!

[chipaca]

I'm sorry you feel this way about snaps. Would you like to explain why you feel this way, so we can make this criticism constructive?

[jschwender]

One example: Firefox: the Firefox Snap package is a 193MB download — that’s 120MB bigger than the regular version available to download from the Mozilla website! How do you deal with this, you don't care?! The package maintainer has less packages to maintain (which does not necessarily makes it easer). There are theming issues with Firefox, the start-up time is longer, your downloads go to a directory within the snap system, and you get in hell if you have a proprietary hardware driver installed as it just does not work. How do you handle this? If you continue to install this and that as container install, you end up insane consumption of harddisk space, just like with Windows installations where every installer brings his own RTL and you end up in having large number of RTL versions installed... On the Mozilla web page they name a single theoretical advantage: "you can run multiple versions of firefox in parallel". Well, like 99% of all users i don't care about that. In a nutshell: the user has only serious disadvantages, more trouble and does not get a single advantage.

One argument is that security was improved by containers. That is a clear lie. It could be in theory, if the container separation is done properly, and if the container itself is maintained properly. Both is an illusion. If you seriously separate the container in a sandbox you have no system integration at all, and i doubt that package maintainer will follow security issues in dependent libraries they use. I have seen so many snap installations that break the sandbox on installation. At the end you have a mix of more or less up to date libraries and programs, this certainly is LESS SECURE. There is one thing that is even worse than bad security, that is the illusion of good security.

In my opinion it is a better approach to put effort in solving root causes than hiding and encapsulating problems in containers.

[Ads20000]

the Firefox Snap package is a 193MB download — that’s 120MB bigger than the regular version available to download from the Mozilla website

When installed Firefox is 167MB as a Deb, the download is bigger yes, and it's a compromise made so that it's completely safe and workable to have brand new programs on much older operating system releases. This ensures stability (for noobs in a low-maintenance way, unlike rolling release operating systems) and up-to-date apps. A downside is more disk space taken (though 0AD is actually over 1.73 GB installed as a Deb and 875.2 MB as a snap) and bigger download sizes.

The package maintainer has less packages to maintain (which does not necessarily makes it easer).

Not necessarily but it probably will, since the snap should work the same on any distribution, so the maintainer need not test on every distro, they can assume it works on every distro, if it doesn't then it's probably a bug with snappy, not with their packaging, and fixing that will make it better for every snap, not just that one application.

There are theming issues with Firefox

And with every GTK snap actually, it's being worked on, and the Ubuntu desktop team want it ready by Ubuntu 18.10, so hopefully it'll be sorted by October (admittedly it was a target for 18.04 as well and hasn't happened yet).

the start-up time is longer

Correct, the last comment about this was in January, do you have any idea how this could be progressed further? It's something to do with snapcraft's desktop launchers but the devs aren't sure how to solve the issue :(

your downloads go to a directory within the snap system

Yes, the downloads go to a snap-specific directory because this is seen as more secure than giving a snap access to your entire home directory, I think that's the idea? Perhaps worth starting a topic about this?

you get in hell if you have a proprietary hardware driver installed as it just does not work

Yes I think @popey was having some strange crashing bug due to a proprietary driver? Not sure. Worth making a topic though if there isn't one for your specific issue already! The thing with proprietary drivers, though, is that they don't have an open development process, so it would be potentially harder for the snappy devs to engage with nVidia on this than to just file against the Nouveau driver if there were a problem with Nouveau.

just like with Windows installations where every installer brings his own RTL and you end up in having large number of RTL versions installed...

And millions (billions?) of Windows users cope!

you can run multiple versions of firefox in parallel

This is actually false for snappy, that's a feature on the snapd roadmap as upcoming.

the user has only serious disadvantages, more trouble and does not get a single advantage

For Firefox, possibly, because Firefox does a good job of updating on old distribution versions. However, for most apps, snappy is incredibly useful. You can get any app (that's snapped) fully up-to-date without messing up your dependencies or the rest of your system, the updates are automatic and silent (completely out of your way), if something goes wrong you can revert an update (with snap revert foo), snaps are confined and so are unlikely to ruin your system (though you have to be careful still and there are more features coming to help with that e.g. verified publishers), snaps are compressed and thus potentially use up less space than Flatpaks, snaps have update deltas to reduce the size of updates (so that's not so much of an issue), snaps have content snaps to reduce the size of them further (e.g. common dependencies like the GNOME platform can be depended on by GNOME snaps) unlike AppImage. Sounds like a lot of advantages to me!

If you seriously separate the container in a sandbox you have no system integration at all

It uses an Android-style interface system, the idea being that everything is blocked by default and then certain holes are punched through per application. The idea being that users trust their apps to do certain things, not have access to their entire non-root filesystem, as GNU/Linux apps currently do, this is a drastic improvement on the status quo when it comes to security!

and i doubt that package maintainer will follow security issues in dependent libraries they use.

That's up to the package maintainers (which is hopefully, most of the time, the original software authors) - as it is on Windows, macOS, iOS, and Android (as far as I'm aware). File bugs when you spot security issues. If they're using stage-packages though then they'll get email notifications when Ubuntu Security Notices are released for those packages (stage-packages currently uses Ubuntu packages).

I have seen so many snap installations that break the sandbox on installation.

If they're not using interfaces that they were given to use, and they're not classic or devmode snaps (which carry warnings), then these are very serious security issues that you need to file (or use Launchpad), the snappy team will take them very seriously and will fix them if they are finding ways to access the system outside of what access the interfaces grant them. Do note, however, that some GNU/Linux distributions don't have all the necessary AppArmour functionality yet, it's being merged into upstream Linux but it'll take a little bit of time to filter down into all GNU/Linux distributions, so try on Ubuntu (which has the necessary distro patches) first.

In my opinion it is a better approach to put effort in solving root causes than hiding and encapsulating problems in containers.

What root causes? If it's having up-to-date applications on a properly stable base, then unless the solution is Nix package manger (which has everything modular so you can have many parallel versions of dependencies installed), I'm not sure how you can do this without doing what snappy/Flatpak/AppImage are doing. New apps sometimes need new dependencies and updating them can break (or produce bugs in) older apps. Containerisation is needed to solve this problem.

---

Also, having said all that, this is off-topic for this repository, please file individual topics (it's hard for the developers to keep track of everything in big posts, so it's better if you split this out into individual issues) as I have requested and there's a good chance that action will be taken on them! :D

[popey]

Gonna close this because it's not useful to be here.