Yeah that’s an issue for some users. But the vast majority of packages are available on apt as well, so you don’t have to use it for packages where this is critical.
Another problem is that many packages have been sitting waiting for critical bug fixes for months. I'm not sure what their focus is, but they really aren't particularly suitable for use as a desktop or server OS.
A third problem is that the quality of the .deb's they package is low and decreasing rapidly. For instance, they don't seem to understand how to properly configure update-alternatives anymore.
I'm guessing all the above can be explained by establishing hiring bars that aren't good predictors of job performance, and then letting it play out for a decade or so.
> Another problem is that many packages have been sitting waiting for critical bug fixes for months. I'm not sure what their focus is, but they really aren't particularly suitable for use as a desktop or server OS.
This is something that bothers me with all the containerisation yes.
If there is a big vulnerability in libssl found now, you just update your distro once and boom, everything that uses openssl is fixed.
Now with all these snaps you have to wait for every maintainer to incorporate the update in their package when they feel like it. It's a mess.