Like probably most people here, I’m used to apt-getting my stuff.
I have almost no PPAs in my list other than the default Ubuntu ones, and so I have quite a strong feeling that when I apt-get something it will be safe (as in, it won’t break my system and it won’t be some kind of malware).
However, I have a feeling that the snap store is not like that since people can publish, and that I should be more careful installing apps, a bit more like with the Python pip repository.
In the case of the audacity snap, you will see that it does not yet have a release in the stable channel, does have strict confinement, and connects to the following interfaces:
Also, it appears this is following the snapcrafters process (from the GH repo linked in the snap’s contact) and there will thus be an attempt to hand over to the upstream project.
Depending on your risk tolerance, you could try it out now or wait until it is further along and published by the upstream project. There’s a lot of freedom with snaps and we are working to provide information for users to make informed choices about the software they are installing.
It’s published by myself, who some may consider a known and trusted community member and participant of the “Snapcrafters” project (according to @popey and @wimpress, though I think they are lying to me, and are secretly plotting for my demise…)
The problem is that we don’t really know that the builds are really the result of one of the repositories on GitHub. It should be possible to reveal where the build came from (i.e. by build.snapcraft.io according to namespace/repo_name, or pushed directly by a certain packager).