this post was submitted on 30 Mar 2024
28 points (100.0% liked)

Linux and Tech News

15 readers
1 users here now

This is where all the News about Linux and Linux adjacent things goes. We'll use some of the articles here for the show! You can watch or listen at:

You can also get involved at our forum here on Lemmy:

Or just get the most recent episode of the show here:

founded 1 year ago
MODERATORS
leo@lemmy.linuxuserspace.show
28
Ubuntu will manually review Snap Store after crypto wallet scams (arstechnica.com)
submitted 7 months ago by leo@lemmy.linuxuserspace.show to c/news@lemmy.linuxuserspace.show
9 comments fedilink hide all child comments
top 9 comments
sorted by: hot top controversial new old
[–] lemmyreader@lemmy.ml 4 points 7 months ago (2 children)

Ubuntu Snap Store looked messy years ago. Why let people upload half baked software and experiments, which get no updates, but add to search engine results ? https://snapcraft.io/search?q=test We’ve found 815 snaps

[–] moonpiedumplings@programming.dev 4 points 7 months ago (1 children)

One of the downsides to hardcoding snap to only be able to use a single repo/store is probably added difficulty in creating testing infra for testing if uploads/CI/CD work.

lol, one of the first one's I click on: https://snapcraft.io/test-snapd-public (by Canonical)

A basic buildable snap that is expected to be published in public mode

Maybe if they didn't insist on holding a monopoly over the store, they would be able to have an internal version of the store for testing, rather than cluttering the public one.

[–] caseyweederman@lemmy.ca 1 points 7 months ago

Yeah but then they can't pivot to charging for updates.

[–] leo@lemmy.linuxuserspace.show 1 points 7 months ago

Oof. Never thought to test that. That's awful 😬

[–] umbrella@lemmy.ml 3 points 7 months ago

wasnt that the damn stated point of making it proprietary in the first place?

i dunno guys, feeling like their excuse was bullshit 🤔

[–] caseyweederman@lemmy.ca 2 points 7 months ago

They weren't already?? What is the point of them

[–] autotldr@lemmings.world 2 points 7 months ago

This is the best summary I could come up with:

As detailed by one user wondering what happened on the Snapcraft forums, the wallet immediately transferred his entire balance to an unknown address after a 12-word recovery phrase was entered (which Exodus tells you on support pages never to do).

Mark Shuttleworth, founder of Ubuntu and CEO of Canonical, responded to a related thread on whether crypto apps should be banned entirely.

Making apps safer for people vulnerable to social engineering is "a very hard problem but one I think we can and should engage in," Shuttleworth wrote.

At the Snapcraft forums, Holly Hall, product lead for Ubuntu's backing services company Canonical, wrote last week about a new policy of manual review for all new Snap registrations.

As noted by The Register, a different sandboxed app platform (store), Flathub, recently made related changes to its validation process.

Open software repositories have long faced issues with malicious look-alike uploads, including the PyPI index for Python programming.

The original article contains 568 words, the summary contains 155 words. Saved 73%. I'm a bot and I'm open source!

[–] MyNamesNotRobert@lemmynsfw.com 1 points 7 months ago* (last edited 7 months ago) (1 children)

Snap is stupid, slow and lame. I stopped using Ubuntu just because I hate snaps. I just want to install my programs the normal way and avoid issues.

[–] leo@lemmy.linuxuserspace.show 2 points 7 months ago

"stupid" and "lame" are a matter of taste, but "slow" is testable, and they're quite fast these days. They have their uses, especially on embedded devices and servers, but I get your point. Flatpak is my go-to.