linuxmemes

20770 readers

970 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

302

Don't worry guys it's sandboxed (fedia.io)

submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

Article for anyone intrested

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 38 points 6 months ago* (last edited 6 months ago) (5 children)

I know we all like to hate on canonical for literally any reason, but this happens with every single software repository that is not a closed garden and some that are.

And yeah, it's sandboxed, so the damage is far, far less than it could be.

[–] [email protected] 15 points 6 months ago

I think the main issue here is they are telling users the software is safe without any due diligence.

[–] [email protected] 4 points 6 months ago

Closed garden has the same problem too, it's not immune

[–] [email protected] 25 points 6 months ago

Canonical is a profitable corporation trying to convince people to use their actual closed garden software repository but they can't even be bothered to do even the most basic of sanity checks to prevent obvious scams from appearing on their store. Stop making excuses for them.

[–] [email protected] 54 points 6 months ago (1 children)

Sandboxing does nothing for social-engineering attacks, which is what many of the malicious snaps were designed for.

And the thing that makes the Snap Store uniquely bad is that there's no human review. Anyone can throw up a malicious snap, and there are very good odds that it'll get served there. Even the Flathub, a community-run project, has human reviews before new apps get published. Canonical, despite having money and resources that community projects don't, can't seem to be bothered to take basic steps to protect their users.

[–] [email protected] 23 points 6 months ago* (last edited 6 months ago)

Yeah, what’s important to note is snap just requires a web based submission process.

https://snapcraft.io/docs/using-the-snap-store

Flathub requires a PR in GitHub, visible to the community. Spammers know they will get caught opening PRs

https://docs.flathub.org/docs/for-app-authors/submission/

[–] [email protected] 60 points 6 months ago (1 children)

Given that the snap store is a closed source proprietary component, I'd argue that snaps are a walled garden

[–] [email protected] 22 points 6 months ago

That was supposed to be their one thing.