Debian User Forums

Posted: **2019-06-13 18:59**

Ubuntu developer Olivier Tilloy mentioned that the transition from deb to snap is not being debated though, as it's "a firm plan that will eventually save a lot of engineering, builder and maintenance resources by removing the need to build every new version of chromium on all supported Ubuntu releases".

So, they are starting to transition even bigger applications to their snap format. How long before most of software packaged for Ubuntu ends up as snap?
Are they preparing for potential breakaway from Debian at some point in the future?
Sure, Chromium is a big program and hard to compile, I get that. But look at Debian! For how many archs does Debian package Chromium? And all of it spread across 3 branches.
I think Ubuntu devs are getting lazy and too invested in their own little projects. THe gap between them and the rest of the free software community is becoming wider every year.

Posted: **2019-06-13 19:17**

Wheelerof4te wrote: Are they preparing for potential breakaway from Debian at some point in the future?

I thought they did that over a decade ago when they embraced non-free and became binary non-compatible.

Posted: **2019-06-13 19:26**

^Technically, that's true. I was refering to a more concrete distancing, like complete distancing from .deb packages. A lot of packages in their "Universe" repo that are just repackaged Debian packages. Some are even just clean packages from Sid frozen at one point.

I am more concerned for their users, because Ubuntu has become a face of all Linux distros, at least to total newbs.
There are significant problems with snap packages, from performance issues, to theming. And every snap needs to be mounted before starting. Imagine hundreds of mount points acting like user applications.

Posted: **2019-06-14 12:05**

Wheelerof4te wrote:So, they are starting to transition even bigger applications to their snap format. How long before most of software packaged for Ubuntu ends up as snap?

Neither will it happen nor anything. And the theme is similar to the spread of rumors...

Wheelerof4te wrote:Are they preparing for potential breakaway from Debian at some point in the future?

Ubuntu has long been incompatible with Debian.

Posted: **2019-06-14 13:44**

I am firmly convinced that Debian needs to change its internal behavior changing its package system, it was designed almost 20 years ago and the current scenario is totally different respect the one Ian Murdock had to address in order to create Debian. I think Debian must look toward Nix and Guix, those two provide modern, clean and efficient package managers that will not change Debian as we know but they will make Debian better.

Posted: **2019-06-14 15:17**

Danielsan wrote:I am firmly convinced that Debian needs to change its internal behavior changing its package system

What's wrong with APT?

Posted: **2019-06-14 15:19**

Danielsan wrote:I am firmly convinced that Debian needs to change its internal behavior changing its package system . . .

Interesting thought. It was apt-get and the massive repositories that drew me to Debian in the first place and kept me here all these years. I remember the frustration of "RPM dependency Hell." The first thing I look at when evaluating other distros is package management.

One modern option I like is "app" style packages that can be opened and run without installing. It enables testing and using programs without commitment, without disturbing the base system.

Posted: **2019-06-14 15:42**

Danielsan wrote:I am firmly convinced that Debian needs to change its internal behavior changing its package system,

APT is fine, it has served me well. It is easy to learn. I am not a Debian developer, so I won't pretend that I know how the packaging system should change.
What I do know is that snap is not an answer.

Posted: **2019-06-14 15:53**

Head_on_a_Stick wrote:What's wrong with APT?

Wheelerof4te wrote:APT is fine, it has served me well. It is easy to learn. I am not a Debian developer, so I won't pretend that I know how the packaging system should change.
What I do know is that snap is not an answer.

It is not just APT, it is the whole behavior:

Deb packages are hard to create; Deb packages don't provide roll back system; you need root to install packages and you can't install packages per users; you can't confine or containerize packages by default; you can't install easily different version of the same package, you can't have delta updates (not sure if Nix or Guix do it). I mean DPKG and APT were fine twenty years, ten years ago, but not today. We switched from sysvint to systemd for the same reason as well as we are switching from Wayland to Xorg. Simply most of the paradigms of twenty or ten years ago aren't anymore suitable for today. Even Ubuntu today could be delivered with Snap without any deb.

Debian can decide to be passive like happened with systemd or active deciding for its future by itself. If tomorrow Ubuntu is delivered with just snap I am more than sure that Debian will do the same as well. I don't have nothing against Snap but Canonical, and probably Snap is better of DEB/APT even if the maintainers are an inalienable resource, but, from my point of view, if your core parts are all on the hands of the big names you will lose your independence as well as your identity.

Posted: **2019-06-14 16:03**

Danielsan wrote: you need root to install packages and you can't install packages per users

This is the best thing about apt

Danielsan wrote:Debian can decide to be passive like happened with systemd or active deciding for its future by itself.

really?

Posted: **2019-06-14 16:17**

Danielsan wrote:If tomorrow Ubuntu is delivered with just snap I am more than sure that Debian will do the same as well.

Not really, no. Debian is a base for Ubuntu, it's not vice-versa. Also, APT doesn't need to conteinerize applications or install only for users. Linux has an eons-old file permission system in place.

Danielsan wrote:Debian can decide to be passive like happened with systemd or active deciding for its future by itself.

Please don't involve systemd in this, no one mentioned systemd and this is not a thread for that kind of discussion.

Posted: **2019-06-14 16:30**

4D696B65 wrote:This is the best thing about apt

Why?
If I install unstable software on my user just because I want take advantage of some features or for testing without breaking the system and without invoking root to do it, I believe it is a great things.

Posted: **2019-06-14 16:43**

Wheelerof4te wrote:Not really, no. Debian is a base for Ubuntu, it's not vice-versa. Also, APT doesn't need to conteinerize applications or install only for users. Linux has an eons-old file permission system in place.

Mark Shuttlework has declared in several occasions that them are ready to deliver Ubuntu with just Snaps, clearly the bug triage at 0 cost made by Debian is too valuable to throw it into the garbage.

While fix permissions to make a software available for a group instead of another is not is easy as just installing what you need directly per users. Other distros, like OpenSuse, use policies to achieve the same because managing groups to restrict software availability for user isn't really practical.

Posted: **2019-06-14 17:05**

Danielsan wrote:
4D696B65 wrote:This is the best thing about apt
Why?
If I install unstable software on my user just because I want take advantage of some features or for testing without breaking the system and without invoking root to do it, I believe it is a great things.

if it is your computer, do what you want
if it is a server owned by your employer, he/she may have other ideas what you can and cannot install

Posted: **2019-06-14 17:20**

4D696B65 wrote:if it is your computer, do what you want
if it is a server owned by your employer, he/she may have other ideas what you can and cannot install

+1.

Posted: **2019-06-14 17:27**

Danielsan wrote:Deb packages are hard to create

That's because the packaging system is incredibly powerful with lots of features.

Are you familiar with the many helper scripts on offer? Creating a .deb can be very simple if you know the tools.

Danielsan wrote:Deb packages don't provide roll back system

Code: Select all

# dpkg --install --force-downgrade older.deb

Or use your backup.

But rolling back packages is not something that's really needed in stable.

Danielsan wrote:you need root to install packages and you can't install packages per users

How would non-root installations work for packages that provide system files (ie, all of them)?

Do you really want to give hackers that have local access the power to install stuff without gaining root privileges?

Danielsan wrote:you can't confine or containerize packages by default

Try systemd-nspawn or schroot or firejail or apparmor or SELinux.

Danielsan wrote:you can't install easily different version of the same package

I refer the right honourable gentleman to the answer I gave a few moments ago.

Danielsan wrote:you can't have delta updates

https://packages.debian.org/stretch/debdelta

Posted: **2019-06-14 18:05**

4D696B65 wrote:
Danielsan wrote:
4D696B65 wrote:This is the best thing about apt
Why?
If I install unstable software on my user just because I want take advantage of some features or for testing without breaking the system and without invoking root to do it, I believe it is a great things.
if it is your computer, do what you want
if it is a server owned by your employer, he/she may have other ideas what you can and cannot install

I didn't get you...

Posted: **2019-06-14 18:08**

Head_on_a_Stick wrote:[...]

A. The others are equally powerful but easier and better designed, like the Arch Builds System, just because are modern.

B. While rolling back doesn't make sense on Stable makes sense on Unstable or any testing environments. Rolling back on Debian doesn't work properly and at your own risk because DPKG/APT aren't designed for this scope.

C. While snaps works also for system components I am not sure about Nix or GuixSD (the latter is under my study). Installing packages on your home you can have multiple instances of PHP or Krita leaving you core system clean and safe. Packeges installed on the home users are confined so hacker can just mess up with the home users.

D. Firejail is known to be an unsafe container, never used Selinux, while I use systemd-nspawn to test packages however has its limitation, for example it can access to the GPU, at least with the nvidia-drivers, as a matter of fact any application that require opengl I tested simply crashes. It is not designed to run graphics application, as the same Poettering stated, for this scope there's already flatpak by RedHat; but I consider Nix/Guix superiors.

E. He was wrong because Nix/Guix are designed to deploy by default hence are more suitable for working on servers or on a fleet of personal computers.

F. Never heard about it, why is it not install by default? Maybe because it need to rebuild every packages locally, isn't it?

Posted: **2019-06-14 18:22**

Danielsan wrote:Packeges installed on the home users are confined so hacker can just mess up with the home users.

This is completely wrong mate, If the hacker does whatever want on my $HOME for me or someone else is game over.
Don't tell me you mean : let have saved "/" , and leave $HOME alone in hand of hackers because one may put malicious code on snap.

Personal data are important, many save the stuff @ home some others on USB,externalHDD,DVD etc...
Snaps aren't secure, sure it's practical but if my $HOME is exposed to me, it does not matter any more practicality.

Posted: **2019-06-14 18:39**

Nili wrote:
Danielsan wrote:Packeges installed on the home users are confined so hacker can just mess up with the home users.
This is completely wrong mate, If the hacker does whatever want on my $HOME for me or someone else is game over.
Don't tell me you mean : let have saved "/" , and leave $HOME alone in hand of hackers because one may put malicious code on snap.

Personal data are important, many save the stuff @ home some others on USB,externalHDD,DVD etc...
Snaps aren't secure, sure it's practical but if my $HOME is exposed to me, it does not matter any more practicality.

While I am agree with you, and respect this topic there are very few efforts on Linux, my reply makes sense when is related with its contest. But if an hacker has direct access to your home you are f##k anyway, while if a software has a potential bug you can further restrict the access on your home but then you can't save your job anywhere.

Debian User Forums

Canonical goes full snap, Chromium is next

Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next

Re: Canonical goes full snap, Chromium is next