Snapcraft, Snappy
Oliver Grawert
ogra at ubuntu.com
Mon Jul 11 01:38:31 UTC 2016
hi,
Am Montag, den 11.07.2016, 00:08 +0200 schrieb Ralf Mardorf:
> The important concern is related to lose track of what is inside all
> those containers. Imagine some containers depend on
>
except that there are no containers ...
yes, it might be that an app ships a vulnerable TLS lib in the snap...
that single app would be vulnerable until the upstream updates it ...
there is an opportunity to ship a TLS lib inside he execution env as
well and make it available to all snaps ... in which case you would
have this bit covered by the ubuntu security team...
another option is to use the upcoming content interface that allows
sharing of binary content between snaps (i.e. libs) so a libssl snap
provided from the ubuntu security archive would be an opportunity too
in case you are a lazy upstream and do not want to update your snap for
such issues ...
snappy is very flexible here ;)
ciao
oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20160711/2ae6ef06/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list