On Thu, 16 Jun 2016 15:44:11 -0400, you wrote:

>On 06/16/2016 03:09 PM, Alexander Larsson wrote:
>> You seem to think about a different "security" than what flatpak
>> provides. Say you run a game, packaged by fedora. It's nicely packaged
>> and reviewed, so you're not running unreviewed, unsigned scripts as
>> root to install it. This is traditional "unix security".
>>
>> However, if the game talks to the network and has a bug, it can still
>> easily be attacked and the resulting powned process has full access to
>> your ssh keys, your email containing private info, your gpg agent, etc,
>> etc.
>I get that, but as I said, RPM can have sandboxing too, and so far it
>looks like the main vulnerability vector is unpatched software. Flatpak
>wouldn't have helped with heartbleed, and the right remediation for it
>was rapid patching---which was hampered by all the bundled SSL libraries
>even without many containers in the mix.
>
>I do see the utility of containers, and realize that properly curated
>containers can be patched as well as native packages. It's just that I
>am concerned that they will diffuse responsibility for patching so much
>that effectively curation will fail.

To me though you are talking about an ideal world where everything is properly packaged into rpms and everybody deals with security issues promptly.

There is a lot of evidence however that we aren't living in such an ideal world, and as a result there is a lot of software installed outside of rpms that rarely gets updated. How much of this self-installed software would get updated when the next vulnerability is found (or for that matter, how much self-installed software still has old bundled SSL exposing systems)?

So while Snap / Flatpak / Docker may mean 50 different copies of a library need to be fixed, the fact that those packagers (presumably being as responsible as existing rpm maintainers) actually release new fixed versions might actually mean systems will be far more secure than currently.

Is it perfect? No. In fact I think the biggest problem with Flatpak is that it is restricted to GUI apps, which might make Snap more attractive to end users. But it is a step in the right direction to solving an existing problem and making systems more secure.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/devel@xxxxxxxxxxxxxxxxxxxxxxx