Snappy Moves to New Platforms
Canonical's Snappy package manager is taking its first steps outside the Ubuntu world. As of now, you can install it on Arch, Debian, Fedora and several other popular distros. And with developers like Mozilla getting behind it, it could soon become a new "universal standard".
Snappy has more than a few fans—and plenty of detractors too. It certainly seems to be stirring up some strong emotions online. Could it be the next systemd?
Snappy is a new type of package manager that takes a very different approach to managing dependencies. Linux package managers make it relatively easy to install and update software. They manage the complex web of dependencies upon which modern applications rely.
But sometimes there are conflicts between different versions of these dependencies. Maybe application A works only with version 2.3.4 of library X. When you update to version 3.4.5, the application stops working.
Snappy aims to solve these problems by running each app within its own ideal environment. It essentially creates a container for the application, providing it with all the dependencies it needs to run. So you can run multiple apps that depend on different versions of the same libraries. This also makes it much easier to deploy an app to multiple environments, such as different Linux distros.
It's a neat idea, but not everyone loves the prospect of adding another "universal standard". Some say that Snappy violates the UNIX philosophy that programs should do one thing well, since Snappy does several very complex things.
Then there are those who worry about security issues. If a security weakness is discovered in one of the popular libraries, it usually gets fixed pretty fast. Linux distros update their repositories, and users are alerted to download and install the updates.
With Snappy, individual developers must update their app to work with the new version. And, if they are already several versions behind, that can be a long task. The risk is that some apps will continue to run the outdated version, exposing the system to exploits.
In some respects though, Snappy is more secure. As each application is containerized, the risk of cross-process exploits is reduced, but the risks of running outdated software are still real.
What do you think about Canonical's Snappy? Will it become a new universal standard? Should we be worried about the added complexity? Or, is it a bold step into the world of tomorrow?