Kubuntu is a common gateway into KDE Plasma and it ships Firefox as a snap. If I download and install the latest Kubuntu LTS, Discover will have a snap back-end included so you can search for and install snaps, but snap updates don’t show up in the updates menu like in GNOME Software.
This is a problem because the average user will install the system which comes with a severely outdated Firefox (without the fixes to the recent libvpx and libwebp RCE exploits) and they will update using Discover and be told there’s no more updates as snap updates aren’t displayed.
Snapd runs automatic update checks 4 times a day, which can take several hours and when it does happen it’s not that straightforward, as it will display an “update pending” notification if Firefox is open, but depending on the version of snapd it will not immediately update the browser when it’s closed, requiring the user to do a manual snap refresh using the terminal, which is the case in the version that comes with 22.04 LTS.
As a result, a Kubuntu user can be using a browser with a critical vulnerability for a long time before they notice it’s outdated or they get an update notification and have to look up how to get it done. This is bad for UX and bad for security.
Would it be possible to integrate snap updates into Discover so newer versions don’t have this issue?
i think the other snap packages do get updated in discover, if i’m not mistaken… just not firefox for some reason likely to with mozzilla.
the notification and shutdown-firefox-to-update coordination has improved but it’s not 1:1 like it is on windows and you don’t seem to be able to download the update in the background while still using firefox like you can in windows.
Speaking as an occasional Discover developer, I can tell you that Discover’s Snap backend is rather rudimentary and not often used. It’s nowhere near as polished as the PackageKit and Flatpak backends. It needs more people to use it, care about it, and develop it. Currently those resources do not exist.
For what it’s worth, perhaps this is due to handling of a change in snap channel? When I’ve installed Ubuntu/Kubuntu (a few times over the past year or so), I’ve found that the Firefox snap is at first targeting a “release-specific” snap channel, rather than one of the standard ones like stable, candidate, edge, etc. I imagine that the Ubuntu Software app (which, up until 23.10 just now, has been a fork of GNOME Software, not the straight upstream version) is doing something snap-specific to accommodate that and switch the channel?
I’m considering it. Should I go looking for a developer or do I just post in the Sponsored Work subforum and they will come?
Also how is payment handled, up front or on delivery?
And how do I know if KDE is okay with a feature being sponsored?
I have no idea on the specifics, but I hope Discover update integration is possible.