Hi, mostly I use RHEL-based distros like CentOS/Rocky/Oracle for the solutions I develop, but it seems it's time to leave…

What good server/minimal distro do you use?

Will start to test Debian stable.

  • itchy_lizard (1 year ago, 14 upvotes)

    Go to the snap site and try to find a security section that describes how snap packages are signed. You won’t be able to find it because it doesn’t exist, and they don’t highlight their own security vulnerabilities.

    What I can cite is how this should work, for example how apt signs all packages by default.

    Note how in the above doc there’s a message:

    WARNING: The following packages cannot be authenticated!
    ...
    Install these packages without verification [y/N]?
    

    That doesn’t exist in snap because snap does not authenticate downloads. It’ll just happily install something maliciously modified.
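
The comment above refers to apt's default signature checking and the warning shown when a package cannot be authenticated. As an added example (not part of the original thread), this script audits apt configuration for settings that switch that check off; the sample strings are constructed, and only the flat `Option "value";` apt.conf syntax is handled.

```python
import re
from pathlib import Path

# apt.conf options that switch off or weaken repository signature checks.
CONF_OPTION = re.compile(
    r'(APT::Get::AllowUnauthenticated|Acquire::AllowInsecureRepositories|'
    r'Acquire::AllowDowngradeToInsecureRepositories)\s+"?(true|yes|1)"?\s*;',
    re.IGNORECASE)
# One-line sources.list option that trusts a repository without a valid signature.
TRUSTED_SOURCE = re.compile(r'^\s*deb(-src)?\s+\[[^\]]*\btrusted=yes\b', re.IGNORECASE)
# Equivalent field in deb822-style .sources files.
TRUSTED_DEB822 = re.compile(r'^\s*Trusted:\s*yes\b', re.IGNORECASE)

def audit_text(name, text):
    """Return (file, line number, line) for each setting that bypasses apt authentication."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("#", "//")):  # commented-out settings have no effect
            continue
        if (CONF_OPTION.search(line) or TRUSTED_SOURCE.search(line)
                or TRUSTED_DEB822.search(line)):
            findings.append((name, lineno, stripped))
    return findings

def audit_tree(root="/etc/apt"):
    """Scan apt.conf, apt.conf.d/, sources.list and sources.list.d/ under root."""
    root = Path(root)
    paths = [root / "apt.conf", root / "sources.list"]
    for sub in ("apt.conf.d", "sources.list.d"):
        if (root / sub).is_dir():
            paths += sorted((root / sub).iterdir())
    findings = []
    for p in paths:
        if p.is_file():
            findings += audit_text(str(p), p.read_text(errors="replace"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_CONF = ('APT::Get::AllowUnauthenticated "true";\n'
               '// Acquire::AllowInsecureRepositories "true";\n')
SAMPLE_SOURCES = ('deb http://deb.debian.org/debian stable main\n'
                  'deb [trusted=yes] http://repo.example.invalid/debian stable main\n')

if __name__ == "__main__":
    for finding in audit_tree():
        print("%s:%d: %s" % finding)
```

An empty result from `audit_tree()` means none of these overrides is present, so apt will still stop at the warning quoted above.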