Malware in the snap store (again)

It’s funny, I’ve been running Fedora for the better part of a decade but recently migrated to Debian because I guess I’m getting old and conservative and value stability and simplicity (AppArmor vs SELinux in userspace) a lot more.
As with Debian, sometimes the apps you need aren’t in the main repos, so you usually just install them via Flatpak and call it a day.

Thing is, a lot of Flatpaks, although vetted by Flathub volunteers, are just wrappers that are not made by the official developers, which might or might not be an issue depending on what tickles your pickle.
Downloading AppImages or adding (trusted) 3rd-party repos (the right way) also have their quirks or are not always available.

And then there’s snaps.
I was thinking “religious package wars aside, surely Canonical would be a trusted repo to install the odd package from, albeit as snaps, if needed”.
Well, lo and behold, the universe intervened and YouTube recommended me a video:
Apparently Canonical STILL does absolutely no vetting of what’s uploaded to their Snap Store. What makes it worse, at least in Ubuntu they even override the apt command and install stuff as snaps instead if available.

1 Like

To me this is the most egregious thing Canonical has done. Whatever happened to user choice? If snaps were good enough on their own, people would prefer them over .deb or other packaging systems.

4 Likes

Ikr.
And since the initial sandboxing rules are written by the app developers, let me just add an app to the Snap Store called ‘Apple Music’, and when users find it and install it, it will add some cool things to your .bashrc file that now give me total control of your user session.

Btw people, write-protect your .bashrc files:

sudo chattr +i .bashrc

1 Like
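An added example, not code from the thread: it checks the recommendation above and extends it to the other files bash reads at startup, parsing lsattr output for the immutable flag and detecting drift from a recorded checksum. The file list, the baseline directory layout and the sample lsattr line are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit bash startup files for the
# immutable attribute and for drift from a recorded SHA-256 checksum.

# Files bash sources for login/interactive shells; all are persistence spots.
RC_FILES=".bashrc .bash_profile .bash_login .profile .bash_logout"

# attr_has_immutable LSATTR_LINE: 0 if the flag field contains 'i'.
# Constructed sample line: "----i---------e------- /home/user/.bashrc"
attr_has_immutable() {
    flags=${1%% *}              # first whitespace-separated field
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# is_immutable FILE: query lsattr (e2fsprogs) and parse its one-line answer.
# Returns 1 when lsattr is missing or the filesystem has no attributes.
is_immutable() {
    line=$(lsattr -d "$1" 2>/dev/null) || return 1
    attr_has_immutable "$line"
}

# record_baseline FILE BASELINE_PATH: store the SHA-256 of FILE.
record_baseline() {
    sha256sum -- "$1" | cut -d' ' -f1 > "$2"
}

# check_baseline FILE BASELINE_PATH: 0 if unchanged since record_baseline,
# 1 if the content drifted or no baseline exists.
check_baseline() {
    [ -r "$2" ] || return 1
    current=$(sha256sum -- "$1" | cut -d' ' -f1)
    [ "$current" = "$(cat "$2")" ]
}

# audit_rc_files HOME_DIR BASELINE_DIR: warn for each existing startup file
# that is writable or drifted; returns 0 only when every file passes.
audit_rc_files() {
    problems=0
    for f in $RC_FILES; do
        path="$1/$f"
        [ -e "$path" ] || continue
        is_immutable "$path" || { echo "WARN $path: immutable flag not set"; problems=1; }
        check_baseline "$path" "$2/$f.sha256" || { echo "WARN $path: checksum drift or no baseline"; problems=1; }
    done
    return "$problems"
}
```

Run `record_baseline` once after you have set the files up the way you want them, then run `audit_rc_files "$HOME" /path/to/baselines` from a cron job or login hook to catch anything that slipped past the immutable flag.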

Stuff like this is why I don’t like to touch Ubuntu. Sure you get some more updated repos as compared to Debian… but at what cost?

4 Likes

But what do people really expect? Canonical is dwarfed by MSFT and look at the Microshit app store or whatever it’s called. Full of identical scams (I’m not sure fake crypto wallets really constitute malware…).

FOSS is not a panacea. I’ve seen people talk about installing random private repos on COPR (or whatever, Launchpad if Canonical still does that). That’s like expecting that all code posted to GitHub won’t harm your system. Obviously not true…

Exactly. I mean, a lot, if not most, malware is open source and often forks of old malware.
I mean, we nerds solved this problem from the very beginning back in the early Unix days: only install software from trusted repositories, provided by your distro maintainer.
Turns out Canonical and Microsoft are unable to maintain their OS properly, while many unpaid hobby groups can.
Apple too, and Google has gotten better over the years but is still lacking some QA.

Like the guy said in the video, it’s a management problem.
Not a tech problem or a developer problem. Management just doesn’t allocate resources where they are needed.

1 Like

My thoughts are that Canonical is kind of like the commercial “arm” of Ubuntu.

Beyond the ephemeral “creating an ecosystem of software around Ubuntu which might in some way attract customers”, they probably don’t see much value in addressing these issues. As far as I know, most of Canonical’s “enterprise” stuff is meant for servers rather than desktop software.