Do I have to create a new snap package every time a dependency gets a security update?

Solution 1:

The short answer is yes, you'll need to rebuild your snap if you need to update a dependency. However, there's a longer answer here, too.

Say you have some application that uses SSL (could be some embedded software or a full-blown website using Apache). You do your research and utilize specific key exchange and symmetric algorithms. Now say a security vulnerability was discovered in SSL, and a new version was released. Just because it's a security release doesn't mean the patched vulnerability was in one of the algorithms you used. What if it wasn't? What if, by patching that vulnerability in an algorithm you didn't use, something you did use was broken or compromised (happened to me recently with PHP)? If you're bundling it you can make the call about whether or not you need to upgrade on a use-by-use basis. You can also test it extensively before rolling it out to all your users. There's also the possibility that the distribution you're targeting has a different version of SSL that doesn't work with your piece of software, where bundling it in the snap provides for a common experience across platforms.

There's definitely a trade-off between the benefits of sharing dependencies and the benefits of bundling them.
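One way to turn the "do I need to rebuild?" question into a repeatable check, as an added example that is not from the original answer: it reads the `primed-stage-packages` list that snapcraft records in a build manifest (the key name and layout are assumed here), compares each bundled version against the version that carries the security fix using dpkg's version-ordering rules, and reports the packages that force a rebuild. The manifest excerpt and the fixed-in versions are constructed placeholders, not real advisory data.

```python
import re
from itertools import zip_longest

def _sign(n):
    return (n > 0) - (n < 0)

def _order(c):  # dpkg ordering: '~' < end-of-string < letters < other symbols
    return -1 if c == "~" else 0 if c == "" or c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare alternating non-digit / digit runs, as dpkg does
    while a or b:
        ta, na, a = re.match(r"([^0-9]*)([0-9]*)(.*)", a).groups()
        tb, nb, b = re.match(r"([^0-9]*)([0-9]*)(.*)", b).groups()
        for x, y in zip_longest(ta, tb, fillvalue=""):
            if _order(x) != _order(y):
                return _sign(_order(x) - _order(y))
        if int(na or 0) != int(nb or 0):
            return _sign(int(na or 0) - int(nb or 0))
    return 0

def _split(v):  # "epoch:upstream-revision" -> (int, str, str); epoch and revision optional
    epoch, upstream, revision = re.match(r"(?:(\d+):)?(.*?)(?:-([^-]*))?$", v).groups()
    return int(epoch or 0), upstream, revision or ""

def compare_versions(a, b):  # -1, 0 or 1, with the semantics of `dpkg --compare-versions`
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return _sign(ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Constructed manifest excerpt (assumed key: primed-stage-packages) and placeholder fixed-in versions.
MANIFEST = """\
primed-stage-packages:
- libssl1.1=1.1.1f-1ubuntu2.16
- zlib1g=1:1.2.11.dfsg-2ubuntu1.3
"""
FIXED = {"libssl1.1": "1.1.1f-1ubuntu2.19", "zlib1g": "1:1.2.11.dfsg-2ubuntu1.3"}

def staged_packages(manifest_text):  # name -> bundled version, no YAML library needed
    pkgs, in_list = {}, False
    for line in manifest_text.splitlines():
        if line.startswith("primed-stage-packages:"):
            in_list = True
        elif in_list and line.startswith("- "):
            name, _, version = line[2:].partition("=")
            pkgs[name] = version
        elif in_list and line.strip():
            break  # next top-level key ends the list
    return pkgs

def outdated(pkgs, fixed):  # bundled packages older than the fixed version: rebuild needed
    return {n: v for n, v in pkgs.items() if n in fixed and compare_versions(v, fixed[n]) < 0}
```

Running `outdated(staged_packages(MANIFEST), FIXED)` on the constructed input reports only `libssl1.1`, since the bundled `zlib1g` already matches the fixed version.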