this post was submitted on 20 Sep 2024
351 points (90.9% liked)

linuxmemes

21169 readers
440 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

  • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
     
    you are viewing a single comment's thread
    view the rest of the comments
    [โ€“] [email protected] 5 points 1 month ago (1 children)

    Because the separate installation means you can actually end up with both an apt installed and a snap installed.

    My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto.

    Yes, canonical provides both. Guess what? They screwed up, and introduced several vulnerabilities, and you ended up with both a snap and apt installed docker.

    The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

    [โ€“] [email protected] -1 points 1 month ago

    Because the separate installation means you can actually end up with both an apt installed and a snap installed.

    This is something that can happen any time you have multiple package managers or even multiple repositories in the same package manager. Google's official Chrome apt repo has debs for google-chrome-stable, google-chrome-beta and google-chrome-unstable, quite intentionally.

    My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto

    Can you provide a link to a source about that? I can't find anything about it.

    and you ended up with both a snap and apt installed docker

    If you installed both the docker.io package from apt and the docker snap, yes you wound up with both. Just as if you install both google-chrome-stable and chromium you'll end up with two packages of (almost) the same browser.

    The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

    Then I'm gonna ask that you elaborate what specific problem you're trying to explain here, because these seem pretty contradictory.