> I don't use Snap on my Ubuntu Desktop systems because I don't like apps secret...

irunmyownemail · 2024-12-25T17:56:59 1735149419

Unfortunately that creates a choice between an app that updates in an aloof manner or allowing it to exist in an insecure, not updated state.

rlpb · 2024-12-25T23:44:35 1735170275

What do you mean by "aloof manner"? As far as I'm aware, snaps' updating mechanism is quite reasonable and doesn't suffer from the many update related issues that apt/debs have, especially when users want packages not included by their distribution.

amelius · 2024-12-25T17:57:00 1735149420

You can also block the updater's internet access by adding this to your /etc/hosts file:

    127.0.0.1 api.snapcraft.io

And for other updates:

    127.0.0.1 archive.ubuntu.com
    127.0.0.1 security.ubuntu.com
    127.0.0.1 mirrors.kernel.org
    127.0.0.1 deb.debian.org
    127.0.0.1 ppa.launchpad.net
    127.0.0.1 flathub.org
    127.0.0.1 dl.flathub.org

Use at your own risk of course.

setuid · 2024-12-25T19:20:52 1735154452

Or you can just avoid hacking your hosts file and breaking other tools, and set your Snap and Apt proxy configuration to a non-existent value, or firewall their ability to reach those hosts.

Or configure them properly by disabling auto-updates, configure unattended-upgrades appropriately for your needs, and only update your apt packages from a known, internal mirror endpoint that doesn't change until you point it to a new timestamp.

That's how it works in the real world, in production. It's not 1994, we don't hack hosts files anymore.