** Changed in: snapd (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1658181
Title:
snapd bundles golang dependencies despite being in main
To manage
I think Tyler's proposal makes sense. I maintain snapd with unbundled
dependencies in Debian sid, and it's really not been very painful.
One thing we want is for snapd to fairly closely track new versions of
its dependencies; any security fixes are likely to be developed for the
tip of the
My thoughts on this are that it may be acceptable to bundle dependencies
in SRUs when the stable Ubuntu release doesn't already have the given
dependency packaged. This would be acceptable to me in snapd's case
since upstream has a very close relationship with Ubuntu Security, we
trust that
Snapd is a complex application that is constantly evolving (new features
are being added in nearly every release made) and it is unreasonable to
create something like snapd without depending on a new library or new
version of a library as the need arises. Bringing each and every
dependency back to