
I'm out here imagining all the unethical hackers drooling over the sweet sweet vectors that are snap and flatpak. Unfortunately the QA and auditing aspects of distro packaging seem to be taken for granted, and the resources for that are surely not sufficient to counter motivated adversaries.



Don't forget helm charts and docker containers. The security/assurance of that supply chain is pretty lacking.

It feels like some people are actively applying the (historical?) Wordpress security model to Kubernetes for expediency.


Do enough people actually use Snap or Flatpak (especially at large companies) to make it worth anything? I'd imagine that most people would just use real distro packages and stuff compiled from source instead of trusting Snapcraft or random Flatpaks off the Internet, especially in production.



