this post was submitted on 20 Mar 2024
302 points (98.4% liked)

linuxmemes

21009 readers
822 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

    • Please report posts and comments that break these rules!

    founded 1 year ago
    MODERATORS
    [email protected]
    [email protected]
    [email protected]
    302
    Don't worry guys it's sandboxed (fedia.io)
    submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]
    25 comments fedilink hide all child comments
     

    Article for anyone intrested

    you are viewing a single comment's thread
    view the rest of the comments
    [–] [email protected] 54 points 7 months ago (1 children)

    Sandboxing does nothing for social-engineering attacks, which is what many of the malicious snaps were designed for.

    And the thing that makes the Snap Store uniquely bad is that there's no human review. Anyone can throw up a malicious snap, and there are very good odds that it'll get served there. Even the Flathub, a community-run project, has human reviews before new apps get published. Canonical, despite having money and resources that community projects don't, can't seem to be bothered to take basic steps to protect their users.

    [–] [email protected] 23 points 7 months ago* (last edited 7 months ago)

    Yeah, what’s important to note is snap just requires a web based submission process.

    https://snapcraft.io/docs/using-the-snap-store

    Flathub requires a PR in GitHub, visible to the community. Spammers know they will get caught opening PRs

    https://docs.flathub.org/docs/for-app-authors/submission/