Comment 1 for bug 1804957

note, its not specifically about the -package- but about malicious snapdevs ability to namesquat established project names away from their specific implementations

this makes ubuntusnaps the number 1 -NEVER- recommended method for users, as this one dev can just willynilly decide to push whatever

like a shellscript that first grabs all private keys , mails to the dev , and then launches some fake client that pretends the dev didnt just steal all his money

if the quality control of ubuntu snaps is THIS SUPERLOW , there's no way in hell it could ever be trusted