[kwlug-disc] Malware found in Ubuntu Snaps Store

Bob Jonkman bjonkman at sobac.com
Sun May 13 11:44:36 EDT 2018


Cranky writes:
> I suppose it was improbable

Did you mean "inevitable"?


Khalid writes:
> The repositories [...] had people who
> advocated their inclusion. These people do the legwork...

I don't think these people are appreciated enough. It certainly isn't
the glamour work of programming or spinning up a new distro or
developing a social media website...

--Bob, who would like to see the Floss Fund revived, but isn't willing
to do the legwork...


On 2018-05-13 11:15 AM, Khalid Baheyeldin wrote:
> We were sheltered because the tried and tested methodology of repositories
> made us immune to this for ~ 25 years or so.
> 
> The repositories (e.g. Debian and Ubuntu, ...etc.) relied on getting
> applications that were open source of some sort, and had people who
> advocated their inclusion. These people do the legwork of straightening out
> the kinks in their configure, install, and update, and write code that
> would make it into a .deb package, with config.d style configuration, pre
> and post install scripts, ...etc.
> 
> Either that, or the application was well known enough and already did the
> process as part of their release (think the well known databases, desktops,
> ...etc).
> 
> So there were eyes on the software.
> 
> Snap's model does not seem to have the equivalent of these safeguards:
> stuff may be uploaded by anyone, and we have seen how this makes some apps
> purely malware on Android and even Apple (who claim that they review apps).
> 
> On Sun, May 13, 2018 at 9:30 AM, CrankyOldBugger <crankyoldbugger at gmail.com>
> wrote:
> 
>>
>> I suppose it was improbable, although I had hoped that we were a bit
>> sheltered from this stuff:
>>
>> https://www.linuxuprising.com/2018/05/malware-found-in-
>> ubuntu-snap-store.html


Bob Jonkman <bjonkman at sobac.com>          Phone: +1-519-635-9413
SOBAC Microcomputer Services             http://sobac.com/sobac/
Software   ---   Office & Business Automation   ---   Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20180513/c2f7a106/attachment.sig>


More information about the kwlug-disc mailing list