Question about Snaps
Oliver Grawert
ogra at ubuntu.com
Sun Oct 9 12:50:32 UTC 2016
hi,
On So, 2016-10-09 at 06:06 +0200, Ralf Mardorf wrote:
> On Sun, 9 Oct 2016 05:43:30 +0200, Ralf Mardorf wrote:
> >
> > >
> > > except that the handfull of the bigger desktop apps on linux do
> > > exactly this today already, firefox, thunderbird,
> > > chrome/chromium,
> > > skype, steam all build, link and ship their complete set of
> > > depending
> > > libs today inside their deb, libreoffice does this partially
> > > ...
> >
> > And especially those apps are very often listed as being
> > vulnerable.
>
> Btw. the issue with those apps more likely is the weakness of
> bloatware. In case of those apps the bundled libs unlikely are an
> issue, because those apps have got an immense huge community,
so you say that when an app has a huge amount of users it does need
less attention to vulnerabilities in the bundled libs ?
thats a weird statement to make.
> but Linux
> provides many other domains, with smaller target groups and less
> maintainers and developers, where it would be much harder to keep
> track
> of bundled libs.
>
and snappy provides solutions for this and still allows you to only set
up your snapcraft.yaml once and have your package regulary updated with
security fixes via auto-builds/rebuilds ...
ciao
oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20161009/c7a86554/attachment.sig>
More information about the ubuntu-users
mailing list