I believe the Snap ecosystem would benefit greatly if it were mandatory for developers to upload build manifests alongside their snaps — not just the prebuilt package.
Reasons & suggestions:
- Transparency & verification – Manifests must be open source, so the community can scrutinize the build process. A QA process should ensure the published snap matches exactly what was built from the manifest. This could help prevent issues like this malicious cursor snap case.
- Better enforcement of best practices – Reviewing only the prebuilt snap allows bad build practices to slip through. The store should enforce ecosystem-wide requirements like updated bases, extensions, and secure variables — similar to how Google Play and the Apple App Store enforce technical standards.
- Reduce unnecessary fragmentation – For example, if someone wants to ship `ffmpeg`, there shouldn't be countless approaches. Limit to two:
  - Build from source within the snap environment (no prebuilt binaries).
  - Use a maintained runtime like `ffmpeg-2404`.
  - Pulling from Ubuntu repositories isn't ideal, as those builds aren't optimised for snaps.
- Community review & actionable feedback – All manifests should be open for community scrutiny. Suggestions from reviewers or the community should require a response — either acceptance or rejection — not be left stale. Canonical store admins should have the authority to back good suggestions and encourage upstream adoption.
- Public domain access – All snap manifests should be openly accessible in the public domain, ensuring long-term transparency and trust.