"VLC CVE", a good oportunity for Snappy?


#1

So there is a trending thing in this news cycle about a CVE that affects some VLC users. News sites are misinforming people and urging users to uninstall VLC.
None the less, there is a problem with an old third party library in the old and unsupported distros.

Since VLC snap package is not affected by this issue at all, someone from the snap or marketing team might want to jump on it and create a blog post or issue a press release “urging” users to install VLC from a snap package and explain the benefits at the moment and in the future.
Especially since VideoLAN has especially mentioned Ubuntu 18.04 in their tweets ( they also said it’s unsupported and it’s the users fault for not upgrading ).

https://twitter.com/videolan/status/1153963312981389312


#2

While I like the attempt to encourage people to use snaps for their security story, I don’t like the idea of jumping on a vulnerability in an unrelated well-meaning third-party software to do so…


#3

There’s no shame in helping another project that also has a good impact on yours. I guess you’d rather let the news outlets call for uninstallation of the unrelated well-meaning third-party software immediately. Like that’s a better solution for Ubuntu users.
You could have issued a statement from Ubuntu and help everyone, first the users then the VLC and lastly the snappy project itself.

Have I not mentioned it to VideoLAN in their tweets, users would just uninstal the app from 18.04.
Now the graph looks like this (I’m not claiming it wasn’t like that before, I don’t really know haha):