"nobody gave a reassuring, sensible answer"
If a library which comes with a snap contains a security issue, only the developer of the snap can fix it, is that right? Is there any mechanism to detect insecure snap packages on the Ubuntu side?
Right now yes, that is the case. Later down the 16.04 timeline we will introduce a way for a developer to delegate to other developers so a group of people will be able to freely release updates to a given snap.
On the Ubuntu side, as long as authors are going to use snapcraft, we will be using a manifest to keep track of packages that were used for a given build of a given snap and we'll work on a system to notify snap developers that a CVE (or other security issue) may affect their snap. Ultimately we don't want to spam people with false positives so it will be a while before this system is operational.
The question is how reassuring the above can be considered.
Source: http://www.omgubuntu.co.uk/2016/04/ubuntu-16-04-lts-snap-packages#comme…
It is worth looking at the other comments as well.