@popey joins me for a fascinating discussion about Snaps. Really worth a watch – I learned quite a bit in just 12 minutes
Umm, because they’re hiding something?
That was a very good interview, @JasonEvangelho. Thanks for asking those excellent questions.
@popey, your points were very well made, and convincing. Thanks for setting the record straight on several un-intuitive, and highly relevant “measures of success”, as you put it. Any snap naysayers would do well to consider these points. Especially about digesting the lessons learned from the whole PPA thing (PPAs were a pretty good solution for their day and age, but I never install from them any longer).
Also, the OP does get answered by Popey. In a nutshell, he says something to the effect of “because it’s a lot of work, and what use is that action, when nobody actually stands up their own installs (such as was the case with Launchpad, after huge, and largely unappreciated efforts to open source it)?”
I am a fan of snaps over flatpak, and have been for quite some time now. And I say this from an MX linux laptop, where I had to go out my way to boot into systemd mode (not the default), just so I could install snapd and some snaps.
What’s my favorite way to install Nextcloud? snap. Not by Docker, and not by hand-installation, all of which I’ve tried.
You can rollback an update of a snap, in case the new update does not work in your configuration. I think, also only the changes to the app are send over the internet and snaps are checked for updates 4 times/day.
Basically you have to start the flatpack from the Downloads or other folder and in case of errors you have to try to find the previous version on the Internet.
To put it bluntly, snaps are for the professionals, while flatpacks are easier to comprehend by the amateurs
Nope, I don’t believe that at all. I think it’s because the reason the Snap store exists would get diluted if it gets into the hands of everyone.
Just listen to his responses.
But also consider what was unspoken but hinted at…
Open sourcing it means the fundamental way Snaps function could be changed. Someone COULD add PPAs to it. Someone could damage app discovery, whatever.
Canonical seems very bullish about this being as dead simple as possible since people love easy app stores where you find something, click it and install it.
I think the reasoning also has something to do with this. It’s Canonical guarding the “brand” and functionality of Snaps, and I think they have every right to do that.
Let me see if I understand you correctly. This comes down to a lack of trust for the open source community? They think they can do it better, so they are keeping this one closed source. If this is the case, then I think it will push the open source community away. It will never gain adoption across all the distro’s as the single, best way to install software.
I do agree that PPA’s are quite untidy, are undiscoverable, and that most users leverage them as a quick way to get the app they are looking installed quickly. I agree that PPA’s are not the way forward.
I, for one, would love to see a single application store that all distro’s use. The last thing I want is to have to have to rely on multiple independent sources for security updates. Too many chances for something important to be missed. By this I mean, too many chances for me to miss something. However, that single source, again, my opinion, should absolutely not be closed-source.
Canonical made a big mistake back when they started tracking users without their consent. I don’t want to debate whether they were right or wrong or whether what they were tracking was a good thing or a bad thing. My point is that they violated their own corporate motto and it was found because the code was open-source. Now, here we find them writing code that is closed-source so that we cannot see what they are really tracking. This is not the way to win back the trust from the community.
Personally, I don’t buy the argument that the work-load to create open-source is that much more than closed-source. This project should have began as an open-source project ( IMHO ). Canonical can fork the project to the open-source community and then maintain their own branch and remain open ( free as in freedom to review the code ). If the project remains closed-source then it will have to accept a certain amount of distrust from the community.
Wanting a single source for apps and also demanding it be open source is a pipe dream in my opinion. Just ain’t gonna happen.
There’s nothing inherently wrong with it being closed source, canonical seem like a good company to me and I trust them. That’s what it comes down to in the end. If you don’t trust or don’t like canonical and they open sourced snaps, people would just find another excuse to dismiss it.
What are you talking about? We never tracked users with or without their consent.
Forgive me for asking a dumb question.
What, other than the snap servers, has Canonical NOT open-sourced?
This is a random question about Snaps, but do they play nice with SELinux? I heard some time back there were issues having a snap with a SELinux context.
Last I used them on Fedora, they worked fine. But I only installed a handful of snaps.
I enjoyed the interview. Can’t agree with the philosophy, though. It worries me when people want to consolidate linux software into a single ‘app store’ or a single distro. To my mind, this puts too much power and control into a single entity. I much prefer the philosophy of different distributions for different tastes and focus groups. Also the freedom of any programmer being able to post their program on their own web page, and average technical users can install it. We don’t need, or want, centralized control.
Then again, I’m probably not Canonical’s target client. I’m suspicious of both snap and flatpak - partly because I don’t understand them. It sounds like they bundle up all the necessary code and dependencies for a program into a package. But what if they bundle in an old component that is vulnerable? What about the wasted space as each snap bundles in the exact same dependencies? What if the snap stops being maintained, and those dependencies are always going to be out of date? @BertN45 said that snaps are checked for updates 4 times a day. I prefer to have much more control of when I use the bandwidth for updating - and of when I want to risk applying updates and possibly breaking things.
There may be some duplicated space as some libraries are used in multiple snaps. One mitigation is that the snaps are compressed on disk. Another is that we have content snaps which allow snaps to share libraries.
We have security scan system in the snap store. Developers who publish snaps which also contain libraries, will get emails prompting them to update their snap, if one of the libraries is found to have known vulnerabilities.
If the snap is no longer maintained, users can report it. Just like what happens with libraries which go unmaintained in every other repository.
The default setting is for snaps to update 4 times a day. You can change that. You can make it update overnight, on weekends, or some other time when you’re not busy using the system.
Can we all agree that, for the first time ever, we are spoiled for actual CHOICE!
Debs, RPM, The AUR, Flatpack, Snaps and AppImage. And dozens of differents distros and DE’s
We have options! This should be celebrated!
The majority of software we make is under GPL or LGPL though. As I said in the discussion with Jason, Launchpad was previously not open source, but was open sourced about 10 years ago now, which you can read about on wikipedia.
Just like any other company there’s a bunch of internal stuff we use that may not be released under an open source license. The majority of what we do is though.
Thank you for answering some of my questions. I feel honored . . . and enlightened.
If my memory serves me it was popcon that created much controversy.
Thank you Alan! I’ll give that Wikipedia article a read tomorrow or Friday. I always love reading up on stuff like this.
Respectfully, perhaps check your facts before throwing around allegations about Canonical doing things like tracking users. We aren’t.