Hello,
I am an advanced Linux user, but brand new to Flathub. A user requested that the cryptocurrency application PIVX be set up on Flathub.
Since the PIVX wallet holds currency, we want to make sure there are steps and procedures in place to prevent a scammer from integrating a version of the wallet with malware that steals their funds and adding it to Flathub.
Can someone please describe how Flathub prevents this from happening?
I think twice now, there has been a fake GitHub repository created for PIVX by changing the name slightly (for example, PIVX-project instead of just PIVX, etc.). Each time, there were many people who were fooled, and they lost funds.
We would like users to go to our official GitHub where they can also obtain the signatures, but the truth is - most everyone skips checking signatures.
I would hate for 1,000s of people to update PIVX via Flathub, only to find that they got scammed because someone exploited a vulnerability and put a version of PIVX on Flathub with malware inside.
I appreciate any advice on how this is prevented.
Thanks!