>You can have very secure deb packages by having default-deny apparmor rules.
Nobody would do this on a desktop because it is massively inconvenient to go through every single app you want to run and debug which AppArmor rule it's violating. Even when running a service with a pre-written AppArmor profile you usually have to spend a while to figure out what the hell went wrong.
Flatpak's sandboxing is a complete joke and is entirely voluntary. Snaps have sane and granular permissions interfaces that you can easily toggle on and off. Canonical is actually enforcing auto-connect rules for the more potentially dangerous ones in their store. If you want to get a classic confined app in the store, it actually has to be approved by their security team.
These things are GREAT for security, which, to be quite frank, is a complete fucking disaster on Linux desktop. X11 is a massive security hole, no real mandatory access control, no sandboxing for apps, local privilege escalations out the wazoo, a quadrillion open security bugs in the kernel. Sure, you can try and set these things yourself, but that relies on the USER to properly configure these things, and if you don't know exactly what you're doing and screw it up (and there are no reliable, consistent guides on how to do these things), then you're just as insecure as you were before.
We're just fortunate that Linux on desktops isn't popular enough to be targeted, because we'd just be getting constantly owned thanks to this massively outdated security model. Windows is actually doing the security model a whole lot better these days, but their popularity and their tendency to implement it poorly and with bypasses to preserve backwards compatibility kind of cancel that benefit out.
It's a real shame that snaps have not taken off. If flatpak wins, and they don't massively overhaul the damned thing to actually add some semblance of sandboxing with permissions controlled by the user, then we're doomed.
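The AppArmor triage the post above complains about (working out which rule a default-deny profile is tripping) can be partly automated from the kernel's audit lines. This is an added example, not code from anyone in the thread and not `aa-logprof`: it parses constructed dmesg-style `apparmor="DENIED"` lines and groups them per profile into candidate rule lines for a human to review before anything is added to a profile.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value, as printed in AppArmor audit records
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed sample (not from the thread); the layout follows what dmesg /
# kern.log print for AppArmor events. Profile and paths are hypothetical.
SAMPLE_LOG = """\
audit: type=1400 audit(1700000000.101:901): apparmor="DENIED" operation="open" profile="/usr/bin/example-svc" name="/etc/shadow" pid=4242 comm="example-svc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.102:902): apparmor="DENIED" operation="open" profile="/usr/bin/example-svc" name="/var/log/example/app.log" pid=4242 comm="example-svc" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.103:903): apparmor="ALLOWED" operation="open" profile="/usr/bin/example-svc" name="/etc/example.conf" pid=4242 comm="example-svc" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1700000000.104:904): apparmor="DENIED" operation="capable" profile="/usr/bin/example-svc" pid=4242 comm="example-svc" capability=12 capname="net_admin"
"""


def parse_denials(log_text):
    """Return one dict of fields per apparmor="DENIED" line; other lines are skipped."""
    denials = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue
        fields = {}
        for m in KV_RE.finditer(line):
            # group 3 is the quoted form, group 4 the bare form
            fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
        denials.append(fields)
    return denials


def suggest_rules(denials):
    """Map profile name -> sorted candidate rule lines (file access or capability).

    The output is a starting point for review, not something to paste into a
    profile blindly: a denial on /etc/shadow is usually the profile doing its job.
    """
    rules = defaultdict(set)
    for d in denials:
        profile = d.get("profile", "<unknown>")
        if d.get("operation") == "capable" and "capname" in d:
            rules[profile].add(f'capability {d["capname"]},')
        elif "name" in d and "denied_mask" in d:
            rules[profile].add(f'{d["name"]} {d["denied_mask"]},')
    return {p: sorted(r) for p, r in rules.items()}


if __name__ == "__main__":
    for profile, lines in suggest_rules(parse_denials(SAMPLE_LOG)).items():
        print(profile)
        for rule in lines:
            print("   ", rule)
```

On a real host, feed it `journalctl -k` or `dmesg` output instead of the embedded sample; the ALLOWED line shows that complain-mode events are deliberately ignored.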
Snaps have already taken off in a big way. Many individuals, companies and enterprises have selected Snap because of its secure sandbox and automatic updates.
It is just that FUD from Linux Mint causes many HN articles with FUD.
Yeah, but Linux Mint still has snapd removed by default and refuses to support it; so do most of the other popular downstream distros (PopOS, elementaryOS) for desktops. Together, they have way more desktop share than Ubuntu does.
Sure, there are other distros not based on Ubuntu that technically support snapd, but I have yet to encounter one that does it well; Manjaro's still breaks on many snaps, Fedora's snapd stopped working completely for over 3 months and nobody noticed. Pretty much nobody but Ubuntu users actually care about snaps; Flatpak has way, way more support and penetration than snaps do, and it looks as if that isn't going to change any time soon due to Canonical's refusal to open-source the snap store. I don't think snaps have much of a future as a widely-supported method of package distribution if this doesn't change.