- cross-posted to:
- security@programming.dev
- cross-posted to:
- security@programming.dev
Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages.
I suppose that sounds great, but every time I see a thread where folks complain about these various packaging formats, I’m just really happy I don’t use any of them on my system. All I see in these discussions are user-level problems that I don’t ever have due to avoiding them entirely. One day when I can’t run a distro that doesn’t use them I suppose I’ll have no choice, but until then… We clearly seem NOT to have settled on a single target, so I don’t know why I’d voluntarily wade into all that as a user while it’s still not settled.