Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages.

  • ProgrammingSocks
    link
    fedilink
    arrow-up
    10
    arrow-down
    1
    ·
    10 months ago

    Yeah, fuck snap. I’ve been actively recommending against using Ubuntu because of it to new users.

    • Norah - She/They@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      6
      ·
      10 months ago

      I’ve been really enjoying LMDE (Linux Mint Debian Edition) as a main distro. It asks you during the install what package systems you want to include and you can just not select snap 👌