While both sides have strong points, in the end to be a completely open packaging system there needs to be a way to set up at least a generic, simple store, for whoever wants to, imho.
As such I would advocate to at least be able to provide the following in a maintained open-source way:
- API Provider
- Base Snap-Upload management (ie, keeping whatever metadata is required around)
- Base Signing Infrastructure
‘Advanced’ Features can then be something everybody can implement as they would like as long as the adhere to the API specification:
This would make it possible to provide for a simple in-house development server that can still provide the base-security out of the box.
I believe that alone would make it a lot more attractive and future-proof.
‘Getting it right’ on conflicts is a nice wish, but planning for every contingency is also not necessarily part of what we want. We should allow a user to disable the main store and only deal with the packages from store xyz. This would be the case for classic mostly.
I love snaps, I love the way they function and update. But while advocating for snaps, this is a major stumbling block. And at times like that “but this is a workaround you can use” does not sound very appealing.