Linux Mint drops Ubuntu Snap packages

Posted Jul 9, 2020 7:24 UTC (Thu) by abo (subscriber, #77288)
In reply to: Linux Mint drops Ubuntu Snap packages by ras
Parent article: Linux Mint drops Ubuntu Snap packages

Flatpaks can have pretty clear metadata including license information, and Flathub (the main repository) builds everything from specifications that are public in git repos, in a way that should be easily reproducible.

Linux Mint drops Ubuntu Snap packages

Posted Jul 9, 2020 7:49 UTC (Thu) by tsdgeos (guest, #69685) [Link] (8 responses)

Not really, flathub has non free stuff in it too

https://flathub.org/apps/details/us.zoom.Zoom
https://flathub.org/apps/details/com.spotify.Client

Linux Mint drops Ubuntu Snap packages

Posted Jul 9, 2020 8:07 UTC (Thu) by abo (subscriber, #77288) [Link] (1 responses)

It does, yes. But it's clearly marked and even the proprietary packages are reproducible (starting with the upstream binaries).

They could of course split the repo into free and nonfree, like many other distros and third party repos of various kinds do. But that's a choice made by the Flathub maintainers, either way would be possible with Flatpak.

Linux Mint drops Ubuntu Snap packages

Posted Jul 9, 2020 14:58 UTC (Thu) by IanKelling (subscriber, #89418) [Link]

Is there a configuration option or a command line flag I can use to only install freely licensed packages from flathub? If not, then it still has one of the same major problems as snaps.

Linux Mint drops Ubuntu Snap packages

Posted Jul 9, 2020 8:19 UTC (Thu) by ras (subscriber, #33059) [Link] (5 responses)

> Not really, flathub has non free stuff in it too

So does Debian. In Debian non-free there are binary blobs without source that run under Debian (as opposed to being firmware that runs on a different CPU). But that it's clearly marked - in fact not even available unless you manually add it.

Just as importantly the rest (which is the vast bulk of it) is truly open source - meaning it can be built from the source files available from Debian using a one line command, perhaps even reproducibly built.

The difference is not just just philosophical. The availability of source means Debian stable can be truly stable - security flaws have just the change needed to fix the flaw applied, as opposed to an entirely new version. And the open source programs have an audit trail from the binary to the upstream source, usually going back many versions. It's one of the few antidotes we have to Ken Thompson's "reflections on trust".

So the differentiator isn't whether they include proprietary binary blobs. It's whether the flatpacks that are open source preserve all the advantages of open source.

Linux Mint drops Ubuntu Snap packages

Posted Jul 9, 2020 9:37 UTC (Thu) by pabs (subscriber, #43278) [Link]

> security flaws have just the change needed to fix the flaw applied, as opposed to an entirely new version

That isn't always the case, especially for packages that are their own mini-distribution, like modern web browsers such as Chromium or Firefox.

Linux Mint drops Ubuntu Snap packages

Posted Jul 9, 2020 23:01 UTC (Thu) by sheepgoesbaaa (guest, #98005) [Link] (3 responses)

I had never heard of "Reflections on Trusting Trust", and I just read it, really interesting.

PDF link: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_...

Linux Mint drops Ubuntu Snap packages

Posted Jul 10, 2020 15:37 UTC (Fri) by stephen.pollei (subscriber, #125364) [Link] (2 responses)

Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers

Linux Mint drops Ubuntu Snap packages

Posted Jul 10, 2020 23:17 UTC (Fri) by ras (subscriber, #33059) [Link] (1 responses)

David Wheeler's paper is one solution, but I've never heard of an instance of the technique he describes catching anything.

On the other hand, the techniques Open Source has developed over the years has caught a few attempts to slip nefarious code in. Those techniques are:

1. A cryptographically sealed audit trail of every change (eg, git's sha1 sums).

2. Digitally signed commits, so if someone does slip something in you know who was responsible. (This is something Wheeler's technique doesn't give you).

3. Open Source, as in everyone can see and verify the previous two points for themselves.

But the sound of it Snap throws all of this away. In this era repeated of nation state attacks on infrastructure, to me that creates an unacceptable risk. Currently that seems to be a lonely position to take, but I'm betting as we get more Huawei style conflicts arise we see gradual realisation Open Source is the one of the few things that naturally gives rise to trust between otherwise antagonistic parties.

Linux Mint drops Ubuntu Snap packages

Posted Jul 20, 2020 2:29 UTC (Mon) by branden (guest, #7029) [Link]

Fortunately the state of the art has advanced since Thompson coded his Trojan. Here's a paper from 2013:

"We extend the existing formal verification of the seL4 operating system microkernel from 9 500 lines of C source code to the binary level [11,736 instructions]. We handle all functions that were part of the previous verification. Like the original verification, we currently omit the assembly routines and volatile accesses used to control system hardware.More generally, we present an approach for proving refinement between the formal semantics of a program on the C source level and its formal semantics on the binary level, thus checking the validity of compilation, including some optimisations, and linking, and extending static properties proved of the source code to the executable. We make use of recent improvements in SMT solvers to almost fully automate this process.We handle binaries generated by unmodified gcc 4.5.1 at optimisation level 1, and can handle most of seL4 even at optimisation level 2."

https://ts.data61.csiro.au/publications/nicta_full_text/6...