Note that historically ‘installer snaps’ are not allowed (I’ve recently updated the process to reflect this). Some of the reasons include:
- if the snap is used to install traditional distribution packages (eg, debs, rpms, etc) then the snap has instant root, can break the system, can replace snapd, etc accidentally or intentionally in a way that cannot be predictably rolled back. While all classic snaps are in a position to do this, an installer snap is specifically in the business of installing software and modifying the system to use it.
- another aspect, as @pedronis alluded to, is that installer snaps are typically used to advertise software from different stores/archives and there is no guaranteed gatekeeping of those stores. The global Snap Store has all kinds of processes, checks, cryptography, processes to revoke/unpublish snaps, etc to make sure things are safe. An installer snap that installs arbitrary content onto the system circumvents this
- similarly, most installer snaps do not provide a mechanism for launching what they installed under confinement. The installed applications are integrated directly onto the host or launched by the classic-confinement snap itself, in both cases unconfined
For context, the snap-store snap is strictly confined and is allowed to install snaps through the snap store using snapd. While this is a highly-privileged snap, it does not suffer from the same problems as the above. There is also packagekit-control interface to be used with traditional packages, but this interface is reserved for official distribution software managers, not 3rd party installer snaps.
In the specific case of app-outlet, it wants to install snaps, flatpaks and AppImages. IME, my point ‘1’ need not be considered since it doesn’t want to install traditional packages. ‘3’ is mostly addressed since snaps and flatpaks are expected to run under confinement after installation (though, see my questions below), but AppImages are not run under confinement. Which leaves point ‘2’; presumably the official global Snap Store is where app-outlet would get snaps, but where does it get flatpaks? Does it need to configure flathubs on the system? Where is it getting AppImages? Are the added flathubs and AppImages verified/gatekept in any way? Does app-outlet allow ‘sideloading’ flatpaks and AppImages?
Does app-outlet provide a launching facility? If so, specifically, how does it launch each of snaps, flatpaks and AppImages? Does it write out desktop files? If so, specifically what are the contents for each of snaps, flatpaks and AppImages?
@pedronis - it feels like app-outlet may be out of scope with its inclusion of AppImages. Flatpaks could be made to work with an additional interface, but then this brings in your questions and mine wrt provenance of the software and who is responsible in the event of malware, etc. I wonder if there was a flatpak interface if it, like packagekit-control, should be limited to distribution software managers and not 3rd party installer snaps?