Canonical has announced a new policy requiring reviews for all packages submitted to the Snap Store (also known as Snapcraft) for use in Ubuntu, following an attack in which fake crypto wallet app packages were submitted to the store, resulting in users having their cryptocurrency stolen.
New snap package registrations now require filling out a form explaining the package's functionality and undergoing a review by Canonical engineers beforehand (taking 2 business days). Only after passing the review can packages be published to the store.
Attacks on popular software repositories have been increasingly common recently, with the latest case being PyPI having to temporarily stop accepting new packages. Other repositories like GitHub, RubyGems, and npm have also faced similar issues.
Source: Snapcraft, Ars Technica
TLDR: Canonical enforces package reviews for Snap Store submissions due to recent fake crypto wallet app attack. Other software repositories also experiencing security issues.