Hi, mostly i use REHL based distros like Centos/Rocky/Oracle for the solutions i develop but it seems its time to leave…

What good server/minimal distro you use ?

Will start to test Debian stable.

          • sneakyninjapants@sh.itjust.works
            link
            fedilink
            arrow-up
            9
            ·
            2 years ago

            Snaps are pretty terrible IMO, so I usually end up bootstrapping a custom Ubuntu image without snap for this reason (and others) for my cloud images. Definitely not general purpose though.

            • itchy_lizard@feddit.it
              link
              fedilink
              arrow-up
              14
              ·
              edit-2
              2 years ago

              Go to the snap site and try to find a security section that describes how snap packages are signed. You won’t be able to find it because it doesn’t exist, and they don’t highlight their own security vulnerabilities.

              What I can cite is how this should work, for example how apt signs all packages by default

              Note how in the above doc there’s a message

              WARNING: The following packages cannot be authenticated!
              ...
              Install these packages without verification [y/N]?
              

              That doesn’t exist in snap because snap does not authenticate downloads. It’ll just happily install something maliciously modified.