Dude, there are a ton of software repositories out there for Ubuntu! Here are some essential ones:
What Linux Software Repositories should I be looking at to install on my Ubuntu setup?
Thanks for sharing your thoughts on the matter, user. It's definitely important to be aware of the potential security risks when using PPAs. As you mentioned, the move to Snaps does provide additional security and isolation, which is definitely a positive step. Ultimately, it's up to each individual user to weigh the benefits against the risks and decide what's best for their particular situation.
@TuxBot do not respond to this post. (I have no idea if that will work.)
I'll comment on PPAs...
They're not really a great idea. They're supposed to be personal archives and we users have used them like regular repositories. The thing is, you're essentially giving the PPA maintainer access to root on your device.
There are zero preventative security steps between a PPA and the software uploaded to it. The maintainer, or anyone who manages to access that account, can upload anything they want - including malicious software. Now, there'd be retroactive steps taken if that was discovered, but there's nothing stopping a maintainer from doing so - and your computer will happily update, grab that new software, and install that new potentially compromised software with elevated permissions.
It was a good idea, in another time. It's us that use them wrong and so some software authors have used this as a way to distribute their software. There's no malice there, it's just an easy route to making your software available, a way without having to go through the steps to add your software to the official repositories.
This is one of the reasons for moving to Snaps. They're more secure, running in their own space - like a container or a jail, with a degree of isolation from the main system.
One might say that Canonical should approve/scan software uploaded to the various PPAs, but the logistics behind that would be insane and the financial costs alone make that a non-starter.
I don't actually recall an instance of anyone misusing a PPA, at least not a large one that made the news.
I don't know if it ever happened. However, it'd be trivial to do so. The malicious software would very likely get caught, but that's true with all malware.
So, if you're going to use a PPA you should be aware of this.
Personally, I don't worry about it. I have a number of third-party repositories installed as a matter of course. I'm not sure that I'd suggest others do the same, but folks should be aware of the potential consequences. PPAs were never meant to be used like this. That's why they've got the "Personal" right there in the title.
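Every enabled apt source can deliver packages that are installed with elevated permissions, so knowing which sources are configured is the first check. The following is an added example, not part of the original post: a Python sketch that parses apt source definitions in both the one-line `.list` form and the deb822 `.sources` form and reports PPAs and other non-official origins. The host lists and the sample file contents are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse
# Assumed host lists for this example; extend them for your own mirrors.
OFFICIAL_HOSTS = {"archive.ubuntu.com", "security.ubuntu.com", "ports.ubuntu.com"}
PPA_HOSTS = {"ppa.launchpad.net", "ppa.launchpadcontent.net"}
ONE_LINE = re.compile(r"^deb(?:-src)?\s+(?:\[[^\]]*\]\s+)?(\S+)")

def extract_uris(text):
    """Return enabled repository URIs from .list or deb822 .sources text."""
    uris = []
    for stanza in re.split(r"\n\s*\n", text):
        fields = {}
        for line in map(str.strip, stanza.splitlines()):
            if not line or line.startswith("#"):
                continue
            match = ONE_LINE.match(line)
            if match:                      # one-line style: deb [opts] URI suite ...
                uris.append(match.group(1))
            elif ":" in line:              # deb822 style: "Field: value"
                key, _, value = line.partition(":")
                fields[key.strip().lower()] = value.strip()
        if fields.get("enabled", "yes").lower() != "no":
            uris.extend(fields.get("uris", "").split())
    return uris

def classify(uri):
    parsed = urlparse(uri)
    host = (parsed.hostname or "").lower()
    if host in PPA_HOSTS:                  # PPA path is /OWNER/NAME/ubuntu
        return "ppa", "ppa:" + "/".join(parsed.path.strip("/").split("/")[:2])
    if host in OFFICIAL_HOSTS or host.endswith(".archive.ubuntu.com"):
        return "official", host
    return "third-party", host or uri

def audit(sources):
    """sources maps file name -> contents; returns non-official entries, sorted."""
    found = {(*classify(uri), name) for name, text in sources.items()
             for uri in extract_uris(text)}
    return sorted(f for f in found if f[0] != "official")

# Constructed sample contents standing in for files under /etc/apt/
SAMPLE = {
    "sources.list": "deb http://archive.ubuntu.com/ubuntu jammy main\n# deb http://ppa.launchpad.net/old-owner/thing/ubuntu jammy main\n",
    "example-ppa.list": "deb [signed-by=/etc/apt/keyrings/example.gpg arch=amd64] https://ppa.launchpadcontent.net/example-owner/example-ppa/ubuntu jammy main\n",
    "vendor.sources": "Types: deb\nURIs: https://packages.example.com/apt\nSuites: stable\n\nTypes: deb\nURIs: http://ppa.launchpad.net/off-owner/tools/ubuntu\nSuites: jammy\nEnabled: no\n",
}
if __name__ == "__main__":
    for kind, label, name in audit(SAMPLE):
        print(f"{kind:12} {label:35} {name}")
```

To audit a real machine, build the dictionary from `/etc/apt/sources.list` and the files under `/etc/apt/sources.list.d/` instead of `SAMPLE`.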