If you use apt (or any apt-based front-end) to install debian packages, then, yes, update/upgrade will get the version for the OS you are running, updated for security issues and sometimes for new features. However, the goal of any "release" is stability, so don't expect new features for 99% of the packages, just bug fixes and security updates.
Now, Canonical has also decided to "help us" migrate to using snap packages. They do this for firefox, chromium, thunderbird, and a few other things. For those things, using
apt install will pull a tiny .deb file that forces the snap version of the package to be installed. This can be desirable or terrible, depending on your needs and the specific package.
By default, snaps packaged software checks for updates 4x every day. It is possible to change the period and delay checking, but as we all know, the tyranny of the default is a real thing.
I patched once a week, usually on Saturday mornings, so my systems are stable and ready for work all the other days. About once every 3-5 yrs, something bad will happen with one of these patched upgrades, so I'd rather not waste time on Monday trying to solve a stupid issue. I want my computers to earn money and help me deal with clients. I've found how to use some snap commands to delay snap updates to happen only on Saturdays. Sadly, at 12:01am, Saturday, any snap packages are queued up to go and hunt for updates. It messes with my system backups. The snap interface doesn't allow finer control, sadly. I could do some network blocking outside of snapd, to get what I want, but that's a little more effort than I can justify.
There are reasons why I only use LTS releases:
https://blog.jdpfu.com/2010/07/29/wh...-linux-desktop --- it is a bit old, but still relevant. Package management and easy maintenance is a key reason why I've been using Linux a very long time. More important than any GUI, at least to me.
The summary of my preferred order to choose to install programs is this:
- repo,
- snaps,
- PPAs,
- source,
- deb files
More discussion on each
- Always start with using the Distro packaged solutions first. APT.
- Next, look for a trusted PPA and use that. PPAs integrate into the normal OS patching and a trusted PPA would provide updates as needed when dependent packages are updated.
- Next would be a Snap/Flatpak/AppImage package. There are some downsides and upsides to using these. Canonical seems to think our computers are smartphones with 1 storage device and I suppose for that situation, Snaps aren't THAT bad. But they don't allow local control and people using more storage are likely to bang their head's into storage access restrictions.
- Next would be a .deb/.rpm file. This will most likely break package dependencies and in 3-6 months, 1 package can prevent other important core packages from being updated. This is commonly known as "RPM Hell", but "APT Hell" would better fit on Ubuntu. There are 2 solutions for APT Hell. Remove the original .deb file that was manually installed OR do a fresh - clear-field - nuked-from-orbit - OS install.
- Next would be using source code. This assumes it is a compiled language. For some small script programs (python/GoLang/Perl/Bash), that work in highly dynamic ways and need updating weekly, it would be preferred to use the original script install/update method and not the .deb file or snap or PPA or even Canonical Repos. But for larger projects with multiple dependencies and compiles, best to avoid manually installation, since this means you've just accepted the need to redo this at least monthly for as long as the system uses that program. All to stay patched and current.
I think that list handles most situations. There can be exceptions, but those really need to be avoided by people who cannot fully commit to maintaining their systems.
Snagged that from a LUG presentation I did a few years ago.
Bookmarks