Since the snap store is proprietary, canonical should be liable for it.
Linux
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
Yeah especially since they had a "verified safe" label on it in the snap store web page.
Indeed
The opposite of this would set a terrible precedent
It's sad, but as a crypto user I'd be sketched out enough about using a centralised hot wallet app like Exodus in an official capacity, let alone entering my private key in something installed via a 3rd party app store. This probably happens on the Play Store a few times a week, and that's on a bigger platform with a full security review process. It's ultimately unavoidable.
Bitcoin is just a scam in general.
"Bro, I'll sell you this really complicated number. No one else has it."
"What can I do with it?"
"Sell it for more money to a bigger fool than you."
"I'm in.*
That's not fair. You can also ruin the environment with it, it's baked into the technology.
“Bro, I’ll trade your food for this fancy piece of paper”
“What can I do with it”
“Trade it for more food with a bigger fool than you”
“I’m in”
(Not saying that you’re wrong, just your argument is stupid)
The problem with most crypto compared to regular money is that it's often seen as an investment. However, one of the most important factors for a currency that is used in everyday transactions is stability and predictability. Money is supposed to ease trading goods and services as a universal middleman. It's not supposed to make someone rich who invested first.
Of course there's also inflation and deflation with regular money but as soon as that's getting out of control, it typically leads to serious economic issues.
Not to sound like a shill or anything but that's what's great about monero. Its actually used on a daily basis as money because it wasn't designed to be an investment vessel. Unlike most crypto currencies monero is one a few if not the only crypto currency that could suffer from inflation as there is an unlimited supply however this works out in avarage uses favor as there's no scarcity based value which means there's less speculation trading leading to a more stable price. I'm not sure what the long term effects of having an unlimited supply of monero is but their justification is that it's a predictable fixed ammount added which will prevent hyper inflation.
Once again I'm not a crypto shill, I'm literally saying investing in crypto is a bad idea and to only use it for it's utility.
“Trade it for more food with a bigger fool than you”
Or of course buy any other commodity that you require in life. Which isn't the case with any crypto.
That only works if you find someone who accepts your money. The difference to crypto is that most people accept money, only few accept crypto
Of course based on that definition. Fiat currency is the same. Just without the complex number.
I am really not a huge fan of crypto. But honestly all modern (post gold standard) money. Is entirly based on users confidence in the nations backing it. The proof of work used for bit coin. Really is no more a matter of faith in folks dumb enough to buy it from you later.
Uh oh, you've awakened the crypto bros...
That's a bit how currency works in general, the only reason why that piece of paper / metal has value is because we agree that it does (mainly large banks will back it). People also buy and sell currency
The issue is around it being seen as an investment more than as a currency?
Its a currency. The finance sector us cancer for commoditizng everything. They've caused famines by markets trading of food.
That's how all currencies work.
"Bro, I'll sell you this piece of paper with a number in it" etc.
Targeting linux desktop. Damnn
Are we finally famous?
Truly, the year of the Linux desktop!
For all the wrong reason, I can totally see some coiner bro tweeting this headline going "this is why your should use #windows when handling your #bitcoin" 🙄
It's a good thing bitcoin is more secure than fiat money
Lol
It is on the FlatHub as well.
That's is the genuine one. There is a genuine company called Exodus for Crypto. The problem is that a scammer made their own clone and nobody verified whether they really are from the Exodus company.
If you check the manifest on Flathub you'll see they verified it belongs to the real Exodus
Yes. You are right. Thanks. Just listened to the Linux Matters podcast episode about this. Crazy.
42,396 installs.... Holy shit.
Edit, from the article:
This “Exodus” application published in the Snap store was indeed a scam application. There is a genuine organisation that developed a real, seemingly ’legitimate’ cryptocurrency wallet application. This is not that.
Any chance that the FlatHub one is legit?
Apparently the Flathub one is indeed legit
I mean FlatHub isn't safe in general. You could just target someone downloading the package and give them a malicious package instead. FlatHub doesn't check sigs, so its a hot mess
They seem to be doing more on that side than Canonical is. But I agree, it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked before publishing.
I hope this is a wake up call for Snaps and Flatpaks.
Apps from the repo have the security, which is why I always default to the distribution repo
it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked Brexit before publishing.
Brexit?
Damn autocorrect...
The repo is gpg signed. I don’t know why you think thats not sufficient.
“packages” don’t exist like traditional distros. Its a large repo of data.
Point me to the documentation that describes this
https://ostreedev.github.io/ostree/man/ostree.html - GPG verification section
This isn't even the right project's documentation
… I assumed you knew the basics.
Flatpak uses ostree for all data. https://docs.flatpak.org/en/latest/under-the-hood.html
I'm disappointed you criticize the project so harshly with no knowledge of it.
No, my point is that if flat pak doesn't document that they cryptographically verify the authenticity of packages, then they dont.
Even the ostree docs say that it supports it gpg encryption. It supports it. It doesn't enforce it. That depends on the implementation.
I will continue to harshly criticize projects that leave users vulnerable. Want to prove me wrong? Link me to the flat pak docks that clearly say that all packages are cryptographically verified after download and before upload.
Look, Flatpak does, and it’s secure. You can spread misinformation if you like but don’t be proud of it.
You clearly have no capacity to accept new information in good faith.
Its not terrible but its certainly not great either
Its pretty terrible compared to normal OS package managers.
How so? I just open up gnome software an search for the application I need
Cryptographic verification of the packages authenticity
It’s produced without upstream involvement but does seem to be legit so far. I placed a post seeking clarification about the Flatpak situation on Reddit 6 months ago. I quickly got a response after posting it. However, the response was from some scammers and I never got a response from the company behind it itself.
LOL, you should have DYOR and used a cold wallet. You clearly don't understand the complexities of Bitcoin, have fun staying poor!
/s