Ignore idividual (non-security related) updates fron Discover in Kubuntu 20.04 LTS

Question

Before I get flamed..

I don't want to ignore important security updates or updates for any programs that could be security risks or compromised.

Just programs I use for note taking or music production or what-have-you. Offline programs that don't do any networking, upload or download anything, or connect to anything or receive connections, that I have set up in a very particular way and are working just as I need them to and don't want banjanxed by an update.

And I would like to only see the "Update Available" notification when important things are available like Kubuntu patches or Firefox updates or important things that I absolutely do want. This may include non-critical updates for other programs so I'd prefer not to reduce my notification status to critical security updates only. Just trying to ignore a very small few selectively.

Currently it is always showing and I keep checking it periodically only to see it's updates for offline programs that I don't want messed with.

Thanks for any help in advance

Answer 1

After a release (like 20.04 or 20.10), Ubuntu rarely updates software. If Ubuntu is released with Foo 1.3, it will continue to use that version for the life of the release. Future releases will have newer versions. This means that you won't get random changes for six months until the next release of Ubuntu...or five years for the life of an LTS release of Ubuntu.

• Maintainting your workflow (not changing the user interface) is one of the original goals of LTS releases.

Deb package updates in the -security pocket of the Ubuntu repositories are, of course, security-related. These are almost never new releases -- the Ubuntu security team deliberately tries to patch the vulnerability and nothing else.

• If you don't install these, Unattended Upgrades will install them for you.
• There are a few exceptions: For example, all releases of Ubuntu get the latest upstream releases of web browsers via the -security pocket.

Deb package updates in the -updates pocket of the Ubuntu repositories are critical (crash or data-loss) bugfixes that are not security issues. Minor bugfixes go into the next release of Ubuntu.

• If you don't install these, Unattended Upgrades won't install them for you.

Snap packages are designed to update without asking you. The updates can happen at any time, including to new releases. While this is a desired feature for many users, this kind of random-update seems the opposite of what you want. For a stable, unchanging workflow, avoid snaps that are under heavy development or update frequently.

However, stable and well-maintained Snaps have some features that you may find attractive. They avoid the LTS-to-LTS migration cliff. Snaps have clearly defined interfaces that don't change. Snap sandboxing may help keep your system stable by isolating flakier applications. Many Snaps are built and tested by the upstream developers directly.

Answer 2

I figured it out.. just turn off all but the 'security' labeled repos in Discover>Settings.

This will also comment them off in /etc/apt/sources.list. In my mind that is okay, an LTS version shouldn't be updating except for critical patches.

If a software install requires a package update (again should be unnecessary on LTS), a user can turn these back on and update, perhaps after backing up the working OS. I have had Linux OSes break after updates, hence my opting for LTS. And this finally solves one of the major stability issues with Linux. I can choose whether or not to install the security updates, but I suspect these are not the packages causing previous problems.

Edit: If the OP wants to disable update notifications per application, it looks like there is a way to block packages from updating using Apt: apt hold 'package-name' (or unhold). Or changing the Pin-Priority from 1 to 0 in /etc/apt/preferences. https://www.tecmint.com/disable-lock-blacklist-package-updates-ubuntu-debian-apt/

Edit2: Unselecting in Discover or commenting out repos in /etc/apt/sources.list has the side-effect of blocking installs and searches from apt for corresponding packages. It did stop notifications for non-security updates. But it looks like there is a specific repo called 'updates' which may stop them without blocking apt from finding packages.