Malicious namesquatting of snaps
Bug #1804957 reported by
Bastiaan
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Snapcraft |
New
|
Undecided
|
Unassigned | ||
Bug Description
The user who squatted the 'bitcoin' snapname is forcing incompatible and greatly outdated software to users leading to incompatibility and lost money.
| information type: | Private Security → Public |
Revision history for this message
| Bastiaan (buzz--) wrote | #1 |
Revision history for this message
| Bastiaan (buzz--) wrote | #2 |
To post a comment you must log in.
note, its not specifically about the -package- but about malicious snapdevs ability to namesquat established project names away from their specific implementations
this makes ubuntusnaps the number 1 -NEVER- recommended method for users, as this one dev can just willynilly decide to push whatever
like a shellscript that first grabs all private keys , mails to the dev , and then launches some fake client that pretends the dev didnt just steal all his money
if the quality control of ubuntu snaps is THIS SUPERLOW , there's no way in hell it could ever be trusted