Daily Linux & Open Source News - S01E58 - More scam apps in the Snap Store
Added 2024-03-20 08:58:18 +0000 UTCHey everyone!
In today's episode, we have:
- 00:05 10 more scam apps in the Snap Store
https://popey.com/blog/2024/03/exodus-wallet-part-three/
- 02:53 New Nvidia drivers are out
- 04:55 Mesa drivers have corporate issues
https://www.phoronix.com/news/Mesa-Revert-For-SPECViewPerf
Have a nice day!
Comments
Yeah, it's the big challenge. Now, distro maintainers do NOT guarantee the safety of a package, a maintainer could lose it and decide to add a crypto miner in the package they're shipping, and no one would notice until a user finds out, but no maintainer will probably do that, as they're generally volunteers, and it takes a lot of free time. For centralized repos, I think the easiest solution is to only allow verified applications by default, and display warnings when trying to install third party repackaged apps, just to make sure users are aware it might not be safe.
The Linux Experiment
2024-03-21 08:20:53 +0000 UTCThis app was last updated in 2019, that alone tells you that you shouldn't download it, at best it's abandonware. I doubt it's malware though, just abandonned.
UsernamesAreHard
2024-03-20 14:09:21 +0000 UTCCanonical is doing a poor job with security on their proprietary backend, what a dud. I've tried Ubuntu again lately and I must say that Snaps have gotten better when it comes to opening time speed but the proprietary backend, the badly designed update mechanism and now those security issues really give me a poor impression of snaps. I'm starting to wonder if third party repositories like snapcraft and flathub are such a great idea for apps distribution if security can't be guaranteed, at least a distro's packages repository is vetted by the distro's maintainers which guarantees you a good level of security if you stick to the big players like fedora, debian or OpenSuse.
UsernamesAreHard
2024-03-20 13:24:00 +0000 UTCWas this also scam? : https://snapcraft.io/mcpe If you also tried this Snap, you should better change your Google Password. It says wrong password, but who knows if the data is stolen. Or the applikation is not finish.
chrometakaki
2024-03-20 10:22:28 +0000 UTC
