I’m afraid “just update snapd” isn’t a great option here, at least not one that scales. It’s standard practice to only have security updates enabled in production, which means there are probably tons of servers out there with this same issue (although I will caveat and say it’s probably not super common for such servers to suddenly have a snap installed… but this issue keeps popping up). Perhaps we should consider pushing an update to -security so this doesn’t continue biting folks (particularly as core18 becomes the standard base). It’s not pretty or ideal, but it’s not unprecedented either. @mvo, how would you feel about that? @alexmurray how about you?
Update: @mvo and I chatted in IRC about this. He is, properly and understandably, concerned with abusing -security like this. He mentioned that the situation would be better if snapcraft injected an
"assumes: [snapd2.41] into core18-based snaps. At least then users would be greeted by an error message instead of just a broken snap. @sergiusens, does this seem doable? It doesn’t completely eliminate this issue as it requires that the snap being installed was built with a snapcraft that does exactly that, but it seems like a good step.