Ubuntu will manually review Snap Store after crypto wallet scams
Ubuntu will manually review Snap Store after crypto wallet scams
Former Canonical employee calls out the "Safe" label applied to Snap apps.
Ubuntu Snap Store looked messy years ago. Why let people upload half baked software and experiments, which get no updates, but add to search engine results ? https://snapcraft.io/search?q=test We’ve found 815 snaps
One of the downsides to hardcoding snap to only be able to use a single repo/store is probably added difficulty in creating testing infra for testing if uploads/CI/CD work.
lol, one of the first one's I click on: https://snapcraft.io/test-snapd-public (by Canonical)
A basic buildable snap that is expected to be published in public mode
Maybe if they didn't insist on holding a monopoly over the store, they would be able to have an internal version of the store for testing, rather than cluttering the public one.
Yeah but then they can't pivot to charging for updates.
Oof. Never thought to test that. That's awful 😬
They weren't already?? What is the point of them
This is the best summary I could come up with:
As detailed by one user wondering what happened on the Snapcraft forums, the wallet immediately transferred his entire balance to an unknown address after a 12-word recovery phrase was entered (which Exodus tells you on support pages never to do).
Mark Shuttleworth, founder of Ubuntu and CEO of Canonical, responded to a related thread on whether crypto apps should be banned entirely.
Making apps safer for people vulnerable to social engineering is "a very hard problem but one I think we can and should engage in," Shuttleworth wrote.
At the Snapcraft forums, Holly Hall, product lead for Ubuntu's backing services company Canonical, wrote last week about a new policy of manual review for all new Snap registrations.
As noted by The Register, a different sandboxed app platform (store), Flathub, recently made related changes to its validation process.
Open software repositories have long faced issues with malicious look-alike uploads, including the PyPI index for Python programming.
The original article contains 568 words, the summary contains 155 words. Saved 73%. I'm a bot and I'm open source!
wasnt that the damn stated point of making it proprietary in the first place?
i dunno guys, feeling like their excuse was bullshit 🤔
@leo gitea is a snap, and it is wicked fast.
Snap is stupid, slow and lame. I stopped using Ubuntu just because I hate snaps. I just want to install my programs the normal way and avoid issues.
"stupid" and "lame" are a matter of taste, but "slow" is testable, and they're quite fast these days. They have their uses, especially on embedded devices and servers, but I get your point. Flatpak is my go-to.