Why isn't the Snap Store open source?

Oh, I did. A quick search shows many discussions about this…

I’m not going to debate the truth or fact behind anything spoken or written in the links above, I added these just to show the controversy that it caused.

1 Like

In all fairness, I used the term tracking users very loosely. I didn’t mean PII in any way. I probably should have elaborated more by saying tracking users choices and tracking users hardware.

Don’t believe everything you read on the Internet.

3 Likes

I think if you are going to make comments that canonical track users without consent, as though it is fact, then you should be sure that the links you provide are factually correct. You shouldn’t link them and then say you’re not going to debate whether they are factually correct or not.

1 Like

My point was that it created controversy and now here we are discussing closed-source software.

You’ll have to form your own opinion from your own research. I’m not going to try to convince you either way.

In the case of flatpaks, They are packaged in a container with the software runtime (ex; gnome’s runtime ) along with the dependencies and all necessary to build the package.

The flatpaks are sandboxed and carry an SELinux label. As for old/ vulnerable/ deprecated dependencies, thesandboxing helps their because they are isolated from the system. In many cases you can have different versions of software on your system without conflict due to it’s sandbox.

As for space. Flatpaks have delta updates, for example: I use flatpaks for all gnome software available. I only need 1 runtime so the so it references the 1 i have in the system and uses it. Same for python tools commonly used in app etc.

For Flatpaks, if they stop being maintained ( i see you sqlbrowser ) You can still run the software. You can even rebuild it if need by using the .yaml or .json file. You can even consider it “finished” software and keep it sandboxed, isolated in your system. Which i have done in the case of sqlbrowser which has not seen an update in 3 yrs, but this is a tool that really doesn’t need to be touched in my opinion so a flatpak is perfect for this.

I can only speak on flatpaks as I build my own and have picked up several abandoned projects as well.

What a time to be alive.

I think that’s one phrase we should not use loosely, especially since it can be such an abrasive topic with a lot of nuance.

3 Likes

Point taken, but the overall intent still remains. Canonical began ‘tracking’ and was caught because the code was open-source. Now, it is closed-source.

This is the main point of the discussion.

1 Like

Isn’t that an argument against the foundation of Linux itself? For example if Debian adopted this thought pattern there’d be no Ubuntu. I understand the upsides of closed source but I can’t imagine the ideals that gave use the kernel, distros, apps and libraries were somehow less optimal than a closed garden approach. Maybe i’m missing something here?

2 Likes

These are strange times when a major Linux distro is advocating for closed source. Ubuntu may get all the heavy lifting done for Microsoft’s PR department lol.

I think that is the main point here.

Canonical, a major contributor to many open-source projects is complaining that open-source is to hard.

Does this mean that we should expect to see more closed-source work from them?

Canonical does not like, that criminals could run repositories with corrupted software.
You have no point, you just another zealot of Open Source.

If I didn’t have a point you would not have posted.

Why do you think Canonical would have to allow criminals to run repos with corrupted software? I have not seen or heard of this anywhere.

Some here don’t seem to realize that open-source does not mean lack of control or oversight. Many open-source projects have an steering committee, if you will, that approves which changes get merged and which do not. When a specific change does not get approved and someone decides that they want that change, they can fork the project to create their own. The original branch still remains under control.

Am I an open-source zealot? Absolutely, by choice.

If you open-source the snap repository, anybody can start a repository. If somebody believes that Linux users are a great target to steal from, they could set up a repository with hacked software. If Canonical runs the only repository, that is far more difficult. They could run security checks on all software in that repository.
My point is not the quality of the open source but the vulnerability of all those repositories, some badly maintained, some outdated and some with cleverly inserted malware.
Zealots often lack common sense :slight_smile:

I took a moment get my thoughts down in a more constructive and easier to parse way…

  • The decision to open source LaunchPad was admirable, though I think the argument is the work shouldn’t have been necessary had open source been prioritized from the start. I think you eluded to a lot of overhead in making it open source from the start though? I may have heard that wrong.

  • I agree increasing adoption is a good reason to open source but I don’t think it’s a definitive reason.

    • Baring in mind Ubuntu’s size and HQ location… open source offers a degree of protection against the UK’s Investigatory Powers Act and if relevant Australia’s Assistance and Access Bill which enable these gov’ts to compel individual contributors to insert vulnerabilities and back doors under gag order and threat of jail. The U.S. version being the NSL which compels companies. As Snowden puts it, developers in a modern era need to write software that doesn’t require people to trust them.
    • It’s critical for getting more eyes on the code for spotting vulnerabilities or by the least confirming known vulnerabilities aren’t present.
    • It opens things up for external collaboration.
    • It enables Linux devs to learn new concepts and experiment which may come back around to benefit Canonical.

https://www.theregister.co.uk/2017/08/10/gchq_techie_deputisation_powers/
https://en.wikipedia.org/wiki/Mass_surveillance_in_Australia

  • I think the discoverability problem can be solved in one of two ways… Flatpack repos also serve as an example of how this is resistant to the radically decentralized PPA problem.
    • Method 1: (easiest) A standardized method for Snap repos to sync packages with other repos based on mutual whitelists and space quotas so each client need only access one repo to access their collective packages. This also eliminates the “orphaned software” problem.
    • Method 2: When a client searches for snaps it uses a user editable whitelist of repos to search from. This list can come pre-packed with recommendations and updated by the maintainer with a confirmation prompt. The origin of the snap would be listed and duplicates stacked in whitelist order.

I’m not presenting any of these as problem-free solutions, merely as a better alternatives both ethically and financially for somewhere between radical decentralization and centralization.

1 Like

Person attacks aside, open-source will always be more secure due to the visibility.

Now, you and I can agree to disagree and that is fine, but I will not continue to debate this with you.

Jeez dude. You’re making more claims that aren’t true. Please, rather than just post links to random news articles, tell me exactly how we have been “tracking” people. Explicitly. Because right now you’ve provided no evidence whatsoever, and when pushed you just keep repeating it.

3 Likes

No, I will let this thread die right here. This conversation isn’t productive.

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)

I think the actual store is Open Source, just not the applications. It’s just suppose to be an easy way for developers to put close source apps on Linux sincere there are different requirements for all these distros.