Not this kind of malware specifically. Their snap repo has a policy of allowing fully automatic app submission as long as the app is sandboxed. This led to multiple people submitting modified crypto wallet apps under the branding of the original trusted devs, without any challenge on Ubuntu’s part. You could also put up a Librewolf version that leaks all the passwords you type in, or a Signal without encryption - ✨ endless creativity ✨. This specific attack is harder on Flathub as all apps have to be checked by the moderation team, and they should ask questions if your Librewolf package is built from your own repo.
The malware one happens in most repos at some point, but the rest is why I don't use Ubuntu.
Yes, that is not just OS repos. There have been plenty of cases with PIP and NPM hosting malware.