Why I don’t use Canonical’s SNAP?

Exploring Alternatives: My Personal Journey towards preferred software management beyond Canonical’s SNAP Ecosystem.

In the dynamic world of Linux Software Management, Canonical’s Snap has emerged as a pivotal innovation, reshaping the paradigm of software deployment. It is a cross-platform packaging and deployment system that redefines the way we install, update, and manage software packages, offering a comprehensive solution that transcends traditional methods. Developed by the creators of Ubuntu, This cross-platform packaging and deployment system signifies a departure from conventional package management approaches, introducing a comprehensive framework that addresses the challenges posed by software distribution in today’s heterogeneous computing ecosystems.

The introduction of Snap revolutionized software distribution. Developers welcomed its user-friendly approach, allowing them to directly provide applications to users without relying on Linux distributions. However, this change sparked debates in the Linux community. Some users raised concerns about its impact on traditional package management and control. Despite these discussions, Canonical remained committed to Snap’s development. It became a crucial element in Ubuntu’s desktop, server, and IoT editions, as well as supporting technologies like the Ubuntu Core for IoT devices.

HISTORY

The concept of packaging software for easy installation has deep roots in the Linux community. Early on, systems like RPM (Red Hat Package Manager) and DEB (Debian package) formats emerged, providing a structured way to bundle software along with metadata and installation scripts. As Linux gained popularity, a challenge arose for developers: distributing their software to a diverse user base. Different Linux distributions had their own package managers, necessitating the creation of specific packages for each one. This was a time-consuming process, prompting a desire for a universal packaging system.

In response to this need, Canonical, the company behind Ubuntu, introduced Snappy (now known as Snap) in December 2014 alongside the release of Ubuntu 16.04. The primary objective was to address the limitations of traditional package management systems. Snap aimed to provide a universal packaging format that could function seamlessly across various Linux distributions.

One of Snap’s key innovations was its confinement model, which ensured that each package operated within its own isolated environment. This isolation prevented potential conflicts with other software on the system. When a developer creates a Snap package, they include all the necessary components for the software to run smoothly. These packages function in isolated environments within your computer, ensuring they don’t interfere with other applications. The Snap Store is like a one-stop shop for a wide variety of software, where developers can share their packages for anyone to download and use. Additionally, Snap introduced atomic updates, enabling packages to be updated as complete, transactional units. In the event of a failed update, the system could revert to the previous version, preventing partial or unsuccessful updates.

The snapd, a core component of Snap, was designed to handle automatic updates. It ensures that users always had the latest versions of their softwares, enhancing security and compatibility. While Snap was initially associated with Ubuntu, Canonical’s vision was for it to be a cross-distribution solution. As a result, snapd was made available for other Linux distributions. This expansion allowed developers to create Snap packages that could run on a wide range of systems. Snap packages are always up-to-date, thanks to snapd. Snap packages are kept in their own little world, away from the rest of your computer, which keeps everything secure (partially). These packages work on any type of Linux, so you don’t have to worry about compatibility issues. Users also have the flexibility to use Snap packages alongside other software, giving them freedom in how they install and manage their programs. Overall, Snap makes it easy to get and use software on your Linux system, offering a smart and organized way to keep your computer up-to-date with the latest and best programs.

THE PREFACE TO SNAP

In the spirit of critique and deep analysis, I’m taking a similar approach just like Dr. Samuel Johnson. He wrote a book named “The Preface to Shakespeare” which stands as a pillar of appreciations and literary criticism, revered for its meticulous examination of Shakespeare’s opus. Johnson’s discourse was marked by its depth of insight into character intricacies, plot dynamics, and a keen awareness of the theatrical norms of the time. However, I’m shifting the focus from old plays to something more current: how software is organized and used in Linux. Specifically, I’ll be examining the Snap package system.

In drawing parallels to Johnson’s discerning examination of Shakespeare’s contributions to literature, I delve into the intricacies and nuances of the Snap package system. This innovative approach to software distribution has redefined how applications are managed in the Linux environment. However, much like any creative work, it is not without its points of contention. I delve into the intricacies of Snap packages, uncovering both their strengths and potential areas for improvement.

1. Resource Consumption

Snap packages tend to use more space on your computer compared to conventional package management system on Linux Ecosystem. This means they take up more space on your hard drive and use more of your computer’s memory. This can make your computer feel slower, make it feel less responsive. This happens because Snap packages are self-contained that designed to contain everything in a program that needs to run, including its dependencies and libraries. While this makes them very convenient and easy to install and use, but it also means that they can take up more space and memory on your computer. This extra usage of resources might slow down your computer a bit, especially if you’re working with multiple Snap packages at the same time.

It’s like if you have a shelf in your room, and instead of neatly arranging your books, you put each book in its own separate box. It’s organized, but it takes up a lot more space. So, while Snap packages are convenient, they do have this trade-off in terms of resource usage. This can be a consideration, especially if you’re working with a computer with limited space or memory.

The resource consumption of Snap packages has a direct impact on their overall performance, often resulting in a noticeable sluggishness. When a user install a Snap Package, it includes all the necessary files and libraries it needs to run which usually called as “all-in-one” approach that makes it convenient and it can leads to larger package sizes, taking up more space on your hard drive. Now, when a user open a program packaged as a Snap, your computer has to load all of these bundled files. It like having a large box of toys, but you have to take out each toy just to play with one. This can take more time and make the program feel slower to start. Moreover, the self-contained nature of Snap packages means that they may use more of your computer’s memory when they’re running. This can further contribute to the feeling of sluggishness, especially if you’re running multiple Snap applications simultaneously.

2. Security Considerations

One of the primary security concerns with Snap packages arises from the centralized distribution model. All Snap packages are distributed through the Snap Store, which means users rely on the trustworthiness and security practices of Canonical. In case of any compromise or breach in the Snap Store infrastructure, malicious packages could potentially be distributed to users. While Snap packages undergo automated and manual reviews (partially) before they are published to the Snap Store, the level of scrutiny may not be as comprehensive as that of Debian maintainers in the apt repository. This could potentially result in the inclusion of packages with undiscovered vulnerabilities or malicious intent.

Snap packages are designed with a sandboxing mechanism to enhance security by isolating applications from the rest of the system. However, the effectiveness of this sandboxing relies heavily on the confinement policies set by the Snap developer. If these policies are misconfigured or too permissive, it could potentially lead to security vulnerabilities. Snap packages encapsulate all of their dependencies, ensuring that they have everything they need to run. While this reduces potential conflicts, it can also introduce security risks. If a vulnerability is discovered in a shared library, it must be addressed separately in each Snap package, potentially delaying the deployment of critical security updates.

Due to the self-contained nature of Snap packages, updates to underlying libraries or components may not propagate uniformly across all Snap packages. This can lead to a scenario where security patches are not promptly applied to all affected packages, leaving them vulnerable until updates are released. Users must place a high level of trust in the Snap Store and Canonical as the gatekeepers of Snap packages. Unlike apt, where users can choose from a variety of repositories or even host their own, Snap users are limited to the Snap Store as the official source. Any breach or compromise of this central repository could have widespread security implications. With Snap packages, users have less control over the package installation process compared to apt. This can be a security concern, as users may be less able to audit the contents of a Snap package before installation. Snap packages can sometimes include additional files or permissions that may not be necessary for the application to function. This can be a security concern as it could potentially lead to unintended behaviors or exposure of sensitive information.

The lack of open-source nature in Snap packages raises valid security concerns. Users are dependent on the integrity and security practices of Canonical and the Snap Store, as they lack the ability to independently verify the code. This lack of transparency can potentially lead to delayed detection of vulnerabilities and poses a risk of including malicious code in closed-source packages. It’s important for users to weigh these concerns against the convenience and benefits of using Snap packages.

3. Open Source Transparency

Snap, while providing a convenient and self-contained way to distribute software across different Linux distributions, have raised some discussions within the open-source community due to their not being fully open sourced. The absence of open-source status for Snap packages signifies a fundamental lack of transparency. Unlike many other package formats used in Linux, Snap packages are not entirely open source.

Snap packages exhibit a dual nature concerning open source because the core components of Snap, including the `snapd` daemon and core software, are open source. This means that their source code is freely available and can be viewed, modified, and redistributed by the community. However, the Snap Store, where applications are hosted and managed, remains under the control of Canonical, thus introducing a centralized element that contrasts with the decentralized nature of traditional open-source repositories. This means that while the underlying technology is open source, the central repository for Snap packages is not fully open source.

The main implications of Snap not being entirely open sourced lie in the degree of control and scrutiny that the community can exert over the platform. With closed-source elements, there’s a level of dependency on Canonical’s decisions and practices, potentially limiting the community’s ability to contribute or audit certain aspects of the Snap ecosystem. In contrast, closed-source software, such as Snap packages, withholds the source code from user inspection.

In the case of Snap packages, developers submit their packages to the Snap Store, where they undergo automated and manual checks by Snap developers. These checks ensure that the packages adhere to Snap’s confinement policies and packaging standards, as well as verifying the legitimacy of the package contents. This automated review employs a set of predefined criteria to ensure adherence to Snap’s confinement policies and packaging standards. Unlike, Packages in traditional repositories are signed by maintainers, allowing users to verify their authenticity and ensuring they have not been tampered with during download. This means that the maintainers of these repositories are responsible for ensuring the packages meet security and quality standards. This lack of transparency means users must place an unwavering trust in the Snap Store and the developers responsible for the packages. While Canonical, the parent company of Snap, may assure users of their rigorous security practices, users are essentially reliant on these assurances without the ability to independently verify the code’s integrity.

In a closed-source environment like Snap, users are effectively deprived of the means to independently validate the code contained within a Snap package. Unlike open-source software, where users can freely examine the source code to ensure its legitimacy, they are left with no recourse for direct verification. This scenario places a significant degree of trust in the Snap Store and the developers who publish the packages. This absence of independent verification can be a notable security concern, particularly in an era where cybersecurity threats are ever-evolving. If a malicious or compromised package were to infiltrate the Snap Store, it could potentially go undetected, leaving users vulnerable to a range of potential security risks.

The inability to inspect the source code of a Snap package engenders a troubling uncertainty: there is no definitive means to guarantee that a package exclusively carries out its intended functions. In a closed-source environment, malicious actors could surreptitiously embed harmful code within a Snap package. These nefarious activities could span from covert data collection to more overt and damaging actions. The potential for malicious code introduces a considerable element of risk for users who may unwittingly install a seemingly innocuous package, only to discover that it harbors concealed malevolent behavior.

Open-source software provides users with a degree of freedom and flexibility that is not inherently present in closed-source environments. With open-source code, users have the liberty to modify and adapt the software to suit their specific requirements. This autonomy empowers users to tailor the software to their unique needs and preferences. In contrast, in a closed-source environment like Snap, users are more reliant on the decisions and updates provided by Canonical. This dependency may potentially lead to a form of vendor lock-in, where users have limited flexibility in addressing security concerns or adapting the software to their specific use cases. This can be a notable consideration for users who value customization and flexibility in their software choices.

What package management system do I use then !

When it comes to managing software on my Linux System, I prefer to use apt (Advanced Package Tool) which is Debian-based package management system has proven itself time and again for its efficiency, reliability, and robustness. In 1998, Ian Jackson and Jason Gunthorpe introduced apt as part of the Debian project. It was designed to automate the process of fetching and installing software packages, along with resolving dependencies. It works in conjunction with dpkg, the Debian package manager responsible for handling the installation and removal of individual software packages. dpkg focused on low-level operations, while apt operated at a higher level, managing repositories and dependency resolution. The aptintroduced the concept of software repositories, centralized collections of pre-compiled packages. This enabled users to access a vast library of software with a simple command. When you want to install something, apt checks if it needs any other programs to work properly. If it does, apt gets those too. It’s like making sure you have all the right ingredients before starting to cook. Once everything is ready, apt installs the program for you. It can also keeps your software up-to-date. If a newer version of a program is available in the repository, apt fetches and installs it for you. This way, you always have access to the latest features and improvements. If you no longer need a program, apt can remove it along with any extra files it brought along. This helps keep your system clean and organized.

One of the aspects of APT that I value most is its flexibility in version management. With a straightforward command, I can choose to install a specific version of a package. This level of control proves invaluable, especially when I’m working on projects that require precise compatibility with particular software versions. APT goes beyond mere installation; it integrates installed software seamlessly into the system. This ensures that applications function harmoniously with the core of the operating system. The result? A stable and optimized environment where resources are utilized efficiently. Unlike some other package managers, APT excels at resource management. By leveraging shared libraries and system components effectively, it minimizes redundancy and bloat. This translates to faster downloads, less storage usage, and quicker installations.

In my experience, APT has proven itself time and again as a reliable and efficient package management system. Its knack for dependency resolution, seamless integration, version control, and resource optimization makes it my go-to choice for managing software on my Linux system. It strikes the perfect balance between user control and system stability, making it an invaluable tool for developers, enthusiasts, and system administrators alike.

Conclusion

In conclusion, navigating the world of package management on Linux, particularly with the introduction of Snap, has its strengths and intricacies. One significant development is the transition of the most popular packages to Snap, signaling a paradigm shift in how software is distributed and managed. While Snap offers convenience, it’s not without its challenges. Many users have voiced concerns about its perceived sluggishness, prompting them to explore other options.

Moreover, Snap has sparked numerous controversies within the Linux community. Opinions vary widely, with some embracing it as a progressive step forward, while others view it as a departure from the traditional open-source ethos. The decision to use Snap ultimately rests with you, the user. It’s a personal choice that hinges on your specific needs and preferences. Understanding that most users have diverse thoughts and opinions on this matter is essential.

In this dynamic landscape, remember that the essence of Linux lies in its flexibility. You have the power to shape your computing environment to reflect your individuality. Embrace the choices available to you and forge a Linux system that aligns seamlessly with your computing needs and beliefs.