A Bitcoin investor was recently scammed out of 9 Bitcoin (worth around $490K) in a fake “Exodus wallet” desktop application for Linux, published in the Canonical Snap Store. This isn’t the first time; if nothing changes, it likely won’t be the last.

  • @delirious_owl@discuss.online
    3
    9 months ago

    I mean FlatHub isn’t safe in general. You could just target someone downloading the package and give them a malicious package instead. FlatHub doesn’t check sigs, so it’s a hot mess.

    • danielfgomOP
      4
      9 months ago

      They seem to be doing more on that side than Canonical is. But I agree, it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked before publishing.

      I hope this is a wake-up call for Snaps and Flatpaks.

      Apps from the repo have the security, which is why I always default to the distribution repo.

      • qaz
        1
        9 months ago

        it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked Brexit before publishing.

        Brexit?

    • @AProfessional@lemmy.world
      1
      9 months ago

      The repo is GPG signed. I don’t know why you think that’s not sufficient.

      “Packages” don’t exist like traditional distros. It’s a large repo of data.