Not the first time this has happened, but recently the Snap store from Canonical hosted a scam bitcoin app that claimed to be Exodus wallet that caused a user to lose money.
Anyone can create an apt repo and the override your system packages with new versions.
At least with flatpak only the applications you installed from the bad actor’s repo would be affected, though obviously they can still have a ton of malicious dependencies
You’re pretty much just rehashing a possible apt repo “vulnerability,” but at least with flatpak they remember where each package was installed from.
What?
Anyone can create an apt repo and the override your system packages with new versions.
At least with flatpak only the applications you installed from the bad actor’s repo would be affected, though obviously they can still have a ton of malicious dependencies
This does not invalidate anything I’ve said
I wasn’t trying to, just pointing out that it was nothing new