<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<font face="monospace">I second this. Also moving away from Ubuntu
distros.<br>
This started when I discovered that Ubuntu uses
"ubuntu-advantage-..." to install<br>
an opc client to phone home to vendor. Such things could get even
worse with<br>
using snaps.<br>
<br>
Not that snaps are slower and are causing issues. No one checks
them<br>
for security issues. This is true for any "containerized" apps
like AppImage<br>
or Flatpak, though, being a bit more trustworthy. At the end,
packaged<br>
apps are a security nightmare. Imagine a server with 20+
containers<br>
and you have to prove security with an audit on that system. You
would have to validate<br>
all containers separately. If one provider does not maintain the
container<br>
your containerized app will not get any updates!<br>
<br>
A good example is openssl, a very central library/application. Who
patches all the<br>
containers when there are security fixes of it or any possible
data breaches?<br>
If, for example, you run "pure" Debian with all packages<br>
being installed into the system, this will be pushed as a security
fix from Debian update and every<br>
installed app uses this and is therefore also fixed!<br>
<br>
So, all I can say, nowadays a lot of security audits overlook this
issue not guaranteeing<br>
the latest library security fixes and possible data breaches of
app containers.<br>
<br>
Anyhow, this is the advantage/disadvantage in the comparison of
having a containerized app<br>
system or a "centralized" system like it was before.<br>
<br>
</font>
<div class="moz-cite-prefix">Am 02.02.25 um 21:08 schrieb Chris
Green:<br>
</div>
<blockquote type="cite" cite="mid:Z5_QpWax2RaK4jkM@q957">
<pre class="moz-quote-pre" wrap="">On Sun, Feb 02, 2025 at 04:48:48PM +0000, Thom Harmon wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">
How do you use x2go with this problem?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
I know this is not going to be a satisfactory answer...
I struggled with this for months trying to figure out what permissions
needed to be configured for the Snaps apps to work in x2go with no
luck. It seems to be related to access to /run.
For me it was the final straw for Snap and Ubuntu more broadly. I
rotated over to Debian stable (well, Spiral actually) for everything
and if I need an application-level jail I use Flatpak. In only a
handful of cases have I had to use Flatseal to adjust permissions for
x2go compat. Much better experience.
Like I said, probably not a satisfactory answers but sometimes just
knowing that there is an escape hatch available is useful.
Now if I could figure out a work-around for when an app doesn't support
Xinput2....
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">I think this is the 'right' answer even if it isn't a 'satisfactory'
answer. Snap just manages to break so many things in subtle ways that
one is better off without it.
I too left [x]ubuntu because of the increasing dependency on snap for
important applications. I have moved to Debian 12 and am very happy
with it. I have a couple of Appimage based programs but everything
else comes from the Debian repositories.
</pre>
</blockquote>
<br>
</body>
</html>