Just as Microsoft and its developers are the controversy of Private Software, it seems that Canonical has the same role within Free Software. A few days ago, malware was discovered in the official snap package store. This meant that certain applications could annoy the performance of our computer as well as our Internet connection.
Fortunately, the snaps store development team caught it early and were able to remove the infected applications, but was it enough? Many users They have asked for more security and Canonical has responded that in the withdrawn applications they are not malware or illegal since cryptocurrency mining is legal.
Although this case does not correspond to a simple mining application but to malware that worked against our will. And that is the reason why Canonical was justified by the withdrawal of the applications and it is the reason why we can classify those applications or rather those versions of those applications as malware and not as free software.
But even though Canonical has acted quickly and infections have not spread, the danger and controversy about universal packages has not been avoided and many users have already raised the alarm about them. The snap app store has no reviewers but instead has software that checks certain parameters of snap packages And that means that line after line of the code is not reviewed nor can the code of the applications that are not Free Software be seen. What's more, snap packages are present in many distributions that are not based on Ubuntu like Fedora or Solus, which makes the controversy and the danger even greater.
Leaving aside the controversy and Canonical's relationship with it, we have to say that if it is used wisely, any type of installation is safe, otherwise the format will not matter. If we want that what happened with snap packages does not repeat itself, we have to use common sense and do not use packages or repositories that we do not know.
Never give root permissions but ask for them and in case of being very suspicious or having valuable software, it is always good create a virtual machine or personal computer to serve as a test bed. Anyway, apply a little common sense. The developer affected by cryptocurrency mining has not yet spoken, but something tells me that he will not be silent What do you think?