Package tcping is suspicious

Repost of this issue: https://bugs.launchpad.net/snapcraft/+bug/2076944

Michel Samia notices that the snap package tcping has no info about the maintainer. Also, the backend portquiz(dot)net is nowhere mentioned.

I love using snaps and would like to help maintain and keep the ecosystem trustworthy (:

This request has not been added to the review queue. It should be placed in the appropriate store-requests subcategory using the subcategory template for classic-confinement, privileged-interfaces and aliases requests.

Publisher page: Aibulat (aibulat) published snaps in the Snap Store

They don’t seem to have any presence on the forum.

Snap metadata:

name: tcping
version: 0.0.80
summary: TCP Ping
description: |
  Test connectivity to a given TCP port
  Report connection latency
architectures:
- amd64
base: core22
apps:
  tcping:
    command: ./tcpping-linux
    plugs:
    - network
confinement: strict
grade: stable
environment:
  LD_LIBRARY_PATH: ${SNAP_LIBRARY_PATH}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
  PATH: $SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$PATH

This snap only declares networking access; from the security standpoint it is so far so good.

Further inspection of the snap metadata reveals more info regarding the source:

I agree with the assessment @kyrofa made at https://bugs.launchpad.net/snapcraft/+bug/2076944/comments/1; this seems to be just another piece of software using the same tcping snap name:

↑ Hey, here’s portquiz.net!

The binaries shipped in the snap also seem to be clean:

From the GitHub profile I can locate the potential publisher’s LinkedIn profile: Aibulat Nigmatullin | LinkedIn.

I’ve left a private message to the publisher on LinkedIn; let’s see how it goes.
