A Bitcoin investor was recently scammed out of 9 Bitcoin (worth around $490K) in a fake “Exodus wallet” desktop application for Linux, published in the Canonical Snap Store. This isn’t the first time; if nothing changes, it likely won’t be the last.

  • delirious_owl@discuss.online
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    10 months ago

    I mean FlatHub isn’t safe in general. You could just target someone downloading the package and give them a malicious package instead. FlatHub doesn’t check sigs, so its a hot mess

    • danielfgom@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      10 months ago

      They seem to be doing more on that side than Canonical is. But I agree, it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked before publishing.

      I hope this is a wake up call for Snaps and Flatpaks.

      Apps from the repo have the security, which is why I always default to the distribution repo

    • AProfessional@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      The repo is gpg signed. I don’t know why you think thats not sufficient.

      “packages” don’t exist like traditional distros. Its a large repo of data.