© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
The concern is broader than just the snap under the name "bitcoin". Right now if you go search for "Bitcoin" in the Ubuntu Software Center you get a package maintained by a third party. While in this case Gal appears to be responsive to update requests, what prevents Bob from going and uploading a "bitcoin-core" snap or a "bitcoin-qt" snap or a "bitcoin-wallet" snap or one of any other many possible name variants containing malware which outright steals money from users? There is currently also an "Electrum" snap of unknown origin.
I don't know anyone in upstream who currently has the bandwidth to maintain a snap, so while taking the name and making it private solves (kinda) one problem, it makes it even easier for Bob to come along and publish malware.
Its my understanding that the snap security model implies sandboxing to try to reduce attack surface of random users uploading malicious software, but in the case of Bitcoin Wallets generally, this obviously doesn't help all that much, as the thing you want to steal is being provided by the user directly anyway.