Gh snap ownership

No offense to the guy currently maintaining the current gh snap, he has done a fantastic job and doesn’t seem to be having issues.

However, I do think it is a little insane that this is still being owned by a 3rd party and not, at the minimum, Snapcrafters, Canonical or GitHub themselves. The team themselves seem to be keen to push users to NOT use the snap: cli/docs/install_linux.md at e437b83773309d03d2781b8dc8fcdfdaa52dec73 · cli/cli · GitHub

This is a tool that has access to proprietary workflows, PAT tokens, actions and full GitHub access. If an attacker had control of this snap and exfiltrated GitHub secrets, I can only imagine how many organisations, actions and GitHub accounts would be compromised. It deserves better than to be in this current state.

It may be benign for now, but having a tool and the publishing of this tool being handled by a single person seems like an open invitation for another xz-style supply issue opportunity, no?

I am engaging on the issue here too. GitHub · Where software is built

They have also explicitly requested the snap to be unpublished. https://github.com/casperdcl/cli/issues/7