snapcraft.io
snapcraft.io
snapcraft.io | snapcraft.io | |
---|---|---|
3 | 1 | |
125 | 128 | |
- | - | |
10.0 | 10.0 | |
over 1 year ago | over 1 year ago | |
JavaScript | JavaScript | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
snapcraft.io
-
Deepin has their own packaging format now.
Technically, it hasn't been "proprietary" for a long time. snaps came out in 2014 or so. Snapcraft.io (aka "the backend") has a github repo with commits going back to Aug 16, 2017.
-
Absolutely proprietary
Technically, they aren't proprietary, even snapcraft.io is open source, it's just a walled garden. But so much else wrong with snaps, so picture still more or less accurate
-
Why is everyone all of a sudden using Fedora?
Technically, they're not really "proprietary" (even the snapcraft.io "store" / backend has gplv3 code on github) ... they're still shit, but not proprietary. It think "walled garden" or "locked down" would be more appropriate phrasing.
snapcraft.io
-
Nix on the Steam Deck
Commits are not signed. Nothing stops a malicious Github employee or bribed maintainer from making a fake PR as someone else then approving it themselves or serving manipulated git history only to CI systems.
Major supply chain attacks like this have happened in lots of other package managers and most OS package managers at least learned their lesson and signs everything. Operating systems are used in multi billion dollar applications, so they are a huge target for attack.
* Gentoo: https://archives.gentoo.org/gentoo-announce/message/dc23d48d...
* Debian: https://lists.debian.org/debian-devel-announce/2006/07/msg00...
* NPM: https://eslint.org/blog/2018/07/postmortem-for-malicious-pac...
* PyPi: https://www.reddit.com/r/Python/comments/8hvzja/backdoor_in_...
* Ubuntu Snap: https://github.com/canonical-websites/snapcraft.io/issues/65...
* Arch Linux AUR: https://lists.archlinux.org/pipermail/aur-general/2018-July/...
What are some alternatives?
dnf5 - Next-generation RPM package management system
fedy - Fedy makes it easy to install third-party software in Fedora.
bookworm - The Universally Accessible document Reader