4·
13 days agoDid ubuntu fix the issue where if a package with the same name exists in both the actual repository and in the snap store, it will silently install the one from the snap store?
I remember an attack where someone uploaded a package to the snap store with the same name as a different repo package, and people were downloading the “malicious” (it wasn’t actually malicious, just a proof of the attack vector) package instead.
If they haven’t fixed that yet, then yeah can’t trust the package manager either, on ubuntu specifically.
Well it certainly would be hard for me, as I don’t know anything about the UX needed for these features, and very little about networking in general, and probably close to zero about the networking concepts required to make something like you describe work.
But it sounds like you know a lot, jellyfin is a project that is 100% volunteer developed. Maybe you could contribute your expertise either via code or by providing a concrete action plan to the jellyfin team?
Be the change you want to see and all that.