hi, Am Montag, den 11.07.2016, 00:08 +0200 schrieb Ralf Mardorf: > The important concern is related to lose track of what is inside all > those containers. Imagine some containers depend on >
except that there are no containers ...
yes, it might be that an app ships a vulnerable TLS lib in the snap...
that single app would be vulnerable until the upstream updates it ...
there is an opportunity to ship a TLS lib inside he execution env as
well and make it available to all snaps ... in which case you would
have this bit covered by the ubuntu security team...
another option is to use the upcoming content interface that allows
sharing of binary content between snaps (i.e. libs) so a libssl snap
provided from the ubuntu security archive would be an opportunity too
in case you are a lazy upstream and do not want to update your snap for
such issues ...
snappy is very flexible here ;)
ciao
oli
signature.asc
Description: This is a digitally signed message part
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
