@ali1234 it’s not using gitian. That would be a nice thing to support in snapcraft, though.
You can trace the daily uploads in travis, and inspect the logs there to see that we are just cloning master and building it without any changes. That’s uploaded to the store automatically by travis, and the download you get is signed by the store and uses https. We are also working on recording your build so it can be audited and reproduced later.
But ultimately, the publisher is in control of the channel. This means that you have to trust the publisher, in this case, me. If you don’t, you have to build your own package.
How does a snap protect the wallet from the rest of the system?
Your wallet is stored in a path that’s not readable by other snaps.
Isn’t the security model completely backwards for this use case?
I don’t understand this question. Can you tell us more about what do you mean here?
-datadir
That’s not available for all the binaries. And leaves you with the option to select the default when the window is opened the first time, which is wrong because it’s a path not writable by the snap.