Could you elaborate please. Personally I think snaps are great. The solution sandboxes the application with AppArmor and seccomp mandatory access policies, and the application's dependencies are bundled into cgroups namespace, meaning few to no cross dependency versioning conflicts and a consistent experience. Snaps run a read-only filesystem and updates are transactional, with full rollback to last good state support if necessary.
Actually the snap strict confinement system architecture is so good, it's influence appears to be slowly starting to permeate into unrelated solutions like Kubernetes, which adopted running under seccomp in r1.22.
Sure for graphical desktop apps, snapd is seeing some improvement effort ongoing, but for LXD, I think strictly confined snap adds a needed additional defense-in-depth layer that brings the entire Ubuntu solution up to a reasonable standard for a secure computing deployment following the zero trust paradigm.
[+] [-] 1MachineElf|4 years ago|reply
I'd use it more, but having to rely on snap to install it turns me off. :(
[+] [-] zekrioca|4 years ago|reply
[+] [-] deeesstoronto|4 years ago|reply
[+] [-] grobbie|4 years ago|reply