Solus using Snaps Which is Developed with Support from Canaonical

sneakycrab

brent I am sorry could you clarify the last 2 questions? I didn't get what you were asking 😅

sneakycrab

arkhenius I appreciate you trying to answer my question. 😄

Harvey

To be perfectly clear I'm not a member of the Solus team so take what I say with a grain of salt.

1) Does the Developer community of Solus have any way to metagate potentially Cananocial collecting user data while downloading the snaps from Snapcraft through the terminal?

Snap is for third party, how would one mitigate what isn't in the repository?

2) Will Solus community try to find an alternative to Snaps where user data is not taken lightly?

In addition to snaps there is flatpak and appimage. Once again these methods exist for things Solus does not support.

3) Are the Solus developers aware that Cananocial's history

I'm sure that the developers are very aware of one of the largest companies in this space.

4) Is Solus as an organization willing to take a stance on how to minimize data collection or promote as miniminal of user collection as possible?

Well considering they refused a simple addition of something similar to what debian has that is opt-in and tracks package popularity, and has publicly stated many times they do not track... What more of a statement do you want? A audit of every line of code in every application before it is included in the repository or updated? If you think ANYONE is doing this for ANY distro, you're insane.

5) Will Solus follow the same path that Deepin, Ubuntu, and many others are following, Open Source with data collection as a feature?

Read answer to 4.

6) Will solus implement a similar solution to updating the repository developers of who is using their repos or software by having the software center every week update the main servers, that an unknown user, has installed the software, and that the software is either a new install (less than a week) or a new install (longer than a week) as a way to metagate user data collection?

I don't even understand what you're saying here.

Other than that, if you've got such a hard on for RedHat and think they're doing things the right way. Why are you even wondering what Solus does? Use their stuff, I did for years, use what you're happy with.

sneakycrab

Harvey For #6 i forgot to say that Fedora is going to implement a solution where rather than using IP address to determine if you have download a repo for a period of time, is have a software locally that will update the main servers that you have a file installed for a certain period of time. That way we don't know where the person is located, but we have an acurrate number of how many people are using each repo, or software, etc. What i am essentially asking is if Solus community will implement new methods like this to metagate potential data collection.

The reason why i want to know what Solus does, is that because if it is in a similar direction as Red Hat Enterprise, then I will support, spread the word about Solus, promote it, work alongside with them, and be defending them if anyone accuses them of mishave.

That is why i wanted to check about those kinds of questions, yes they seem very obvious to answer, my goal was to see what the direction that Solus is going to take in the linux community where they are essentially competing with many linux distros.

kyrios

Solus also uses AppArmor (for example) that is developed by Cannonical and straingely, you don't complain about that while snaps - which is something that you don't have to install if you don't like it - seems to be a problem for you.
If you look at the 3rd party repository, you'll find things like Google Chrome, Skype, etc... These apps are there because there is a demand for them, just like snaps packages, people can decide to install them or not, this is also freedom, isn't it?

Personally I would be much more concerned by the snap packages themselves (i.e: some may eventually contain malwares) than from the snap store.

So you think they track everything you do... Have you checked your network traffic and found any evidence of that? Because here is what they say about it:

There is no “telemetry”. All the store gets from you is your ip address, a system-key, snapd’s user-agent, and for the refresh endpoint, the snaps you have installed. If you’ve logged in to snapd and the store (via snap login) it’ll also get a macaroon (like a session cookie).

If you set SNAPD_DEBUG=1 and SNAPD_DEBUG_HTTP=7 in snapd's environment you can see the body of requests sent to and received from the store, and inspect them.

There are alternatives to snaps: main repository, flatpaks, appimages, building software from source...

Regarding Solus itself, it doesn't collect any data and has no intention doing it. And nope, Solus developers never heard about Canonical, it's not like some of their developers do contribute to the linux kernel, gnome or closer to Solus on projects like Budgie or the Brisk menu only to mention a few example. 😉

sneakycrab

kyrios I did not know that AppImage was developed by Canonical. I was researching it today but i did not run into it. I really appreciate the update thanks a bunch 😂

Now I will add AppImage to my collection of things to avoid.

My other issue is the system key, snapd's user-agent, ip address, is that there is no one that is coming in to validate that they are actually performing this. The reason why i am suggesting this is because Canonical has a history with data collection.

What I meant about have they heard of what Canonical is doing, i meant it like in a way like how Linux Mint made a post saying even though we use Ubuntu, we do not agree with this and will remove the features. I meant it in that way.

But man, I really appreciate you pointing out the fact about AppImage. Is there an easy way for me to find out which organizaiton does what? So that way I don't attack snaps only, like i did today? and attack rather every fault?

Thanks. 🙂

sneakycrab

kyrios Could you also link an article or something that AppImage wasy developed by Canonical. I am having troubling find this out myself.

Harvey

sneakycrab My other issue is the system key, snapd's user-agent, ip address, is that there is no one that is coming in to validate that they are actually performing this. The reason why i am suggesting this is because Canonical has a history with data collection.

The burden of proof lays with the accuser.

We get it, you don't like Canonical. You don't trust snaps. I don't trust snaps either, but its more that I want to make sure that the upstream developer is actually behind the snap, not some random person on the internet.

Perhaps I'm mistaken but for all the shitty things Canonical have done, I don't recall them lying about it.

CorvusRuber

sneakycrab

sneakycrab did not know that AppImage was developed by Canonical. I was researching it today but i did not run into it. I really appreciate the update thanks a bunch

AppArmor is from Canonical, not Appimage.
And lose the paranoid attitude, there's only one "solution" to this "problem" if it's so troubling for you.

Justin

There is no data collection.

Justin

We cannot control what Canonical track via Snaps.

Justin

CorvusRuber Not even that will help some. Disconnection is the only solution.