- cross-posted to:
- linux@lemmy.ml
- technology@beehaw.org
- cross-posted to:
- linux@lemmy.ml
- technology@beehaw.org
A Bitcoin investor was recently scammed out of 9 Bitcoin (worth around $490K) in a fake “Exodus wallet” desktop application for Linux, published in the Canonical Snap Store. This isn’t the first time; if nothing changes, it likely won’t be the last.
I mean FlatHub isn’t safe in general. You could just target someone downloading the package and give them a malicious package instead. FlatHub doesn’t check sigs, so its a hot mess
The repo is gpg signed. I don’t know why you think thats not sufficient.
“packages” don’t exist like traditional distros. Its a large repo of data.
Point me to the documentation that describes this
https://ostreedev.github.io/ostree/man/ostree.html - GPG verification section
This isn’t even the right project’s documentation
… I assumed you knew the basics.
Flatpak uses ostree for all data. https://docs.flatpak.org/en/latest/under-the-hood.html
I’m disappointed you criticize the project so harshly with no knowledge of it.