[kwlug-disc] The Ubuntu model

Chris Frey cdfrey at foursquare.net
Wed May 13 16:31:34 EDT 2015


In reading about Ubuntu and Snappy, I came across this URL:

     https://penguindroppings.wordpress.com/2015/01/30/snappy-app-trust-model/

which said:

     * we want to replace the distro archive model with an app store model
       for Snappy systems

To me, this sounds like more of a marketing decision than a technical one,
but it has some interesting consequences and advantages from a
technical perspective too.

If you're a security semi-paranoid like me, if you're running software
for the first time, which you don't yet trust, you'll either throw
it in a VM if it is big enough, or you'll create a new user on your
system, in which you'll run the app.  For me, this is the simplest
method of isolating apps, which also has the most basic and longest
available security mechanisms in place.  This form of app / data
separation existed as long as Unix did.

So when you read this:

	https://developer.ubuntu.com/en/snappy/tutorials/build-snaps/

which says:

	Data must be written to app-specific locations. Because snappy
	systems are transactionally updated, we will provide you with
	two kinds of writable directory, one for the "system" and one
	for each user who runs binaries from your package:

		/var/lib/apps/<pkgname>/current/
		/home/$USER/apps/<pkgname>/current/

	That's it. You cannot write anywhere else! What you do with that
	space is entirely up to you.

This is a simple architecture setup to allow you to run random crap
off the internet as safely as possible.

Which, for the average user, since they already run random crap off
the internet, is great.  And for the security conscious user, is also great.

And in this world, an "app" apparently can be anything from running
/bin/ls by itself, to running an entire Debian system inside Docker.

It's almost like the Bazaar software development model being copied
into the end-user package management space.

- Chris
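
The write rule quoted above from the tutorial, expressed as a lexical path check. This is an added example, not part of the original post and not Snappy's own enforcement code; the function names, the package name `hello` and the users `alice` and `bob` are assumptions made for illustration.

```python
import posixpath

# Writable locations as quoted in the post from the Snappy tutorial.
SYSTEM_TEMPLATE = "/var/lib/apps/{pkg}/current"
USER_TEMPLATE = "/home/{user}/apps/{pkg}/current"


def writable_roots(pkg, user):
    """Return the two directories a package may write to for one user."""
    for name in (pkg, user):
        # A name with a separator or dot-segment would move the root itself.
        if not name or "/" in name or name in (".", ".."):
            raise ValueError(f"unsafe name: {name!r}")
    return (SYSTEM_TEMPLATE.format(pkg=pkg),
            USER_TEMPLATE.format(user=user, pkg=pkg))


def is_write_allowed(path, pkg, user):
    """Lexically decide whether an absolute path lies inside a writable root.

    Symlinks are not resolved; a check against a live filesystem would
    also need os.path.realpath before the comparison.
    """
    if not path.startswith("/") or "\x00" in path:
        return False
    norm = posixpath.normpath(path)  # collapses ".", ".." and repeated slashes
    for root in writable_roots(pkg, user):
        # Compare whole components so "hello-evil" never matches "hello".
        if norm == root or norm.startswith(root + "/"):
            return True
    return False


# Constructed sample paths, not taken from a real system.
SAMPLES = [
    "/var/lib/apps/hello/current/db.sqlite",
    "/home/alice/apps/hello/current/cache/x",
    "/var/lib/apps/hello/current/../../other/current/x",
    "/var/lib/apps/hello-evil/current/x",
    "/home/bob/apps/hello/current/x",
    "/etc/passwd",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(("allow" if is_write_allowed(p, "hello", "alice") else "deny "), p)
```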





