I actually was just writing a long response @Ads20000 when you posted that.
One of my points is that with Snap, there are no dependency problems. Therefore, it is not like PPA. It is like a PPA that always works.
Flathub is open source. https://github.com/flathub
This actually makes me wonder about Snap, a lot. Instead of a proprietary server implementation, why can’t we just use Buildbot like Flatpak? It is open source, works like a charm for Flatpaks… why not?
Snap is about a verifying middleman… Here is an option: What if there were levels of security, and things were layered. Let me explain. For example, you have:
- Snap Store (layer 1)
- Distribution-Specific Store (layer 2)
- User-Added Stores (layer 3)
Everybody includes Snap Store (by default), then you have a distro-specific store like the “Solus Store” or “Linux Mint” store that is independently operated and runs on top, and then you have user-added stores. Layer 1 and Layer 2 are automatically approved, layer 3 has more warnings.
Furthermore, these would not hook into each other. Rather, it would be written into Snap itself to combine the results of the store, using a foreach loop. It would only take a few days to program, but it would work using a flow like this:
- User searches for “mysnap”
- Instead of looking on the Snap Store, the snapd program checks each store for the snap “mysnap”
- Returns results
Seems obvious, but it is actually only a minor tweak, doesn’t break too much, and would work. So you would now have:
- The Snap Store (with everything)
- Solus Store / etc. (with SolusArchive, Sol Package Manager, other Solus-related packages)
- User-added stores (come with security warning)
You get the trust, but users are still happier. Ideally, there would be no middleman (in my view), but I think this would, at least, be compatible and keep distros happy.
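The per-store lookup described in the post above, as an added example that is not part of the original post and is not snapd code: the `Store`, `Result` and `Search` names and the sample data are hypothetical. It also marks a hit as shadowed when a more trusted layer offers the same snap name, an assumption beyond the post's flow, so that a user-added store cannot silently stand in for a layer 1 or layer 2 package.

```go
package main

import (
	"fmt"
	"sort"
)

// Layer is the trust tier from the post: 1 = Snap Store, 2 = distro store, 3 = user-added.
type Layer int

// Store is a hypothetical in-memory stand-in for a remote store index.
type Store struct {
	Name  string
	Layer Layer
	Snaps map[string]string // snap name -> publisher (constructed sample data)
}

// Result is one hit, always labelled with the store it came from.
type Result struct {
	Snap, Publisher, Store string
	Layer                  Layer
	Warn                   bool // layer 3 (user-added) hits carry a warning
	Shadowed               bool // a more trusted layer also offers this name
}

// Search checks every store for name and merges the hits, most trusted layer first.
func Search(stores []Store, name string) []Result {
	var out []Result
	for _, s := range stores {
		if pub, ok := s.Snaps[name]; ok {
			out = append(out, Result{name, pub, s.Name, s.Layer, s.Layer >= 3, false})
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Layer < out[j].Layer })
	for i := 1; i < len(out); i++ {
		out[i].Shadowed = out[i].Layer > out[0].Layer // same name, less trusted origin
	}
	return out
}

func main() {
	stores := []Store{ // constructed sample stores, deliberately listed out of trust order
		{"user-added", 3, map[string]string{"mysnap": "unknown-uploader"}},
		{"Solus Store", 2, map[string]string{"sol-package-manager": "solus"}},
		{"Snap Store", 1, map[string]string{"mysnap": "upstream-dev"}},
	}
	for _, r := range Search(stores, "mysnap") {
		fmt.Printf("%-11s layer=%d warn=%v shadowed=%v publisher=%s\n", r.Store, r.Layer, r.Warn, r.Shadowed, r.Publisher)
	}
}
```

Keeping every hit labelled with its store, rather than returning only the first match, is what lets a front end show the layer 3 warning next to the result it applies to.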