A scammer got a fake version of Exodus wallet in Canonical’s Ubuntu Snap Store. This fake scam wallet drained 9 Bitcoins (worth nearly half a million USD) from a user. This article goes over the CEO’s shocking and ludicrous response regarding KYC, crypto, and open source dev work: https://simplifiedprivacy.com/ubuntu-crypto-snap-scam/
Tor Browser Onion: http://privacypkybrxebcjicfhgwsb3coatqechwnc5xow4udxwa6jemylmyd.onion/ubuntu-crypto-snap-scam/
That’s why I don’t use Ubuntu, because of their over-reliance on snaps, which do NOT undergo the same quality controls as standard repository feeds. Stick with Debian, don’t use untrusted snaps, appimages, or flatpaks. All of the three formats seek to circumvent the exhaustive vetting that gives Linux a significant advantage over Microsoft Windows. Wallets are especially sensitive for obvious reasons.
Personally I found appimages to be the only useful out of the three, they make running programs with many complex dependencies and configurations very simple. They should be downloaded directly from the publisher and hashes verified of course.
Yeah I agree with this. But of course for some apps they only have flatpak to get the newest version compared to the one a debian based distro can get
@prancing389 @SummerBreeze is not the OS developer duty to do quality check on every third party app and its subsequent version updates. This consumes a lot of time for OS developers which should be focusing on OS development.
This stifles development and adoption for both the OS and third party apps. What OS developers should do is to check the authenticity of every app. Like flatpak is doing with verified apps.
Sure but this can be communicated better to the user’s expectations