I maintain a few snaps for projects that I am not upstream of, quite often it happens that whenever there is a new update of those projects, my snaps lag behind in terms of version.
To “fix” that, I wrote a tool called SURC (Snap Upstream Release Checker), it contains a scriptlet for each project that is supposed to be tracked, which when executed for the first time fetches the version number of the project at that time from its upstream urls and saves that into a database. On each subsequent run, if the version number is different than what was previously saved, a notification email (about the availability of the update) is sent to the recipients defined in the config file. A future version will implement automatic pull requests
That tool is also packaged and published as a snap named surc (duh!)
The emails are currently sent using MailGun, so anyone trying the tool would need a MailGun account. I’ll add SMTP support soonish.
The code is available here https://github.com/om26er/surc and there are setup instructions on that page.
Together with Selective-checkout: Check out the tagged release revision if it isn't promoted to the stable channel , one can ensure that the tagged release is always built in the edge channel and do the promotion when the upstream has a new release.
UPDATE: Retracting statement as I’m not sure it’ll apply.
Adding a section called “Main project link:” in Snap Store will be great.
See pic to be clear.
The link can be used to determine if the snap is outdated or latest.
“Latest version:” can also be used instead of “Main project link:”.
Snaps use AppArmor for security. Using old package is BAD for security.
Screenshot taken from: Atom
Not all apps have such thing, “Official Site” might be better
Maybe some publisher set customized scriptlets can be routinely called by the store to verify the upstream version?
Such statements are actually in some degree contradicts to itself, AppArmor etc. ensures that even the package is outdated the damage of being exploited is limited to what it allows.
You are correct.
I was trying to say that security is a multi staged thing. Stronger stages will make stronger overall security. Sorry for the misunderstanding