
My understanding is YunoHost makes absolutely no attempt to isolate apps from one another, it just helps you install stuff on a Linux box. Unfortunately that means a single flaw in a single app compromises your entire server.



Some effort has been put into adding systemd hardening on a per-unit basis.

Every app is run by a special user created to do just that. This app user only has permissions for the app and data folder.

(I don’t have much security/hardening experience)


It was designed pre-Docker and is a pretty old-school setup. I remember they had issues updating Debian because the new Debian had a new PHP version which caused issues for some apps.


Yes, YunoHost makes installs very easy. But if something isn't working right then you've got extra layers to deal with. I don't know how Sandstorm deals with this, but YunoHost taking care of the install and upgrade procedures means that you are bound to the YunoHost integration's version of the software. For instance, when installing Discourse via YunoHost this version lags behind significantly. And also YunoHost disables the Discourse upgrade process, while it offers a superior experience.



