I maintain a few snaps for projects that I am not upstream of. Quite often, whenever there is a new update of those projects, my snaps lag behind in terms of version.
To “fix” that, I wrote a tool called SURC (Snap Upstream Release Checker). It contains a scriptlet for each project that is supposed to be tracked, which, when executed for the first time, fetches the version number of the project at that time from its upstream URLs and saves that into a database. On each subsequent run, if the version number is different than what was previously saved, a notification email (about the availability of the update) is sent to the recipients defined in the config file. A future version will implement automatic pull requests.
That tool is also packaged and published as a snap named surc (duh!).
The emails are currently sent using MailGun, so anyone trying the tool would need a MailGun account. I’ll add SMTP support soonish.
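The check-and-compare loop described in the post above, as an added example (not SURC's code and not part of the original post). Scriptlets are modelled as Python callables that return a version string and the database as a SQLite table; `open_state`, `run_checks` and the project name are hypothetical. A failed or empty fetch leaves the stored version untouched, so an upstream outage neither raises a false update notice nor erases the baseline.

```python
import sqlite3
from typing import Callable, Dict, List, Tuple

def open_state(path: str = ":memory:") -> sqlite3.Connection:
    """Open (or create) the table of last-seen upstream versions."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS releases "
               "(project TEXT PRIMARY KEY, version TEXT NOT NULL)")
    return db

def run_checks(db: sqlite3.Connection, scriptlets: Dict[str, Callable[[], str]]
               ) -> Tuple[List[Tuple[str, str, str]], List[Tuple[str, str]]]:
    """Run every scriptlet once.

    Returns (updates, errors): updates holds (project, old, new) for each
    project whose upstream version changed; errors holds (project, reason).
    """
    updates, errors = [], []
    for project, fetch in scriptlets.items():
        try:
            seen = fetch().strip()
            if not seen:
                raise ValueError("scriptlet returned no version")
        except Exception as exc:
            # One broken scriptlet must not block the others or touch the DB.
            errors.append((project, str(exc)))
            continue
        row = db.execute("SELECT version FROM releases WHERE project = ?",
                         (project,)).fetchone()
        if row is None:
            # First run: record the baseline only, nothing to announce yet.
            db.execute("INSERT INTO releases VALUES (?, ?)", (project, seen))
        elif row[0] != seen:
            db.execute("UPDATE releases SET version = ? WHERE project = ?",
                       (seen, project))
            updates.append((project, row[0], seen))
    db.commit()
    return updates, errors

if __name__ == "__main__":
    upstream = {"demo-app": "1.4.2"}  # constructed stand-in for an upstream site
    checks = {"demo-app": lambda: upstream["demo-app"]}
    state = open_state()
    print(run_checks(state, checks))  # baseline run
    upstream["demo-app"] = "1.5.0"
    print(run_checks(state, checks))  # change detected
```

The `updates` list is what would feed the notification step; the `errors` list deserves its own alert, since a scriptlet that silently stops working looks the same as an upstream that never releases.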
Not all apps have such a thing; “Official Site” might be better.
Maybe some publisher-set customized scriptlets could be routinely called by the store to verify the upstream version?
Such statements actually, to some degree, contradict themselves: AppArmor etc. ensure that even if the package is outdated, the damage of being exploited is limited to what it allows.
You are correct.
I was trying to say that security is a multi-staged thing. Stronger stages will make stronger overall security. Sorry for the misunderstanding.