Hi,
I’ve taken a look at the metrics for the mosquitto snap today, and when looking at the channels view I noticed that there are a handful of channels that I know nothing about, as shown by the red dots here.
Most of the channels have 0 installs - I presume there was one or two at some point which is still weird - but more concerning is 20/stable which started in around July 2021 and has been growing ever since to make up 10% of the total installs.
What’s going on here?
Thanks,
Roger
I don’t think anyone here can make an accurate guess. You should reach out to the snap publisher:
$ snap info mosquitto --verbose
name: mosquitto
summary: Eclipse Mosquitto MQTT broker
publisher: Mosquitto Team (mosquitto✓)
store-url: https://snapcraft.io/mosquitto
contact: https://mosquitto.org/
links:
contact:
- https://mosquitto.org/
website:
- https://mosquitto.org/
Sorry, I should have made that clearer. I’m the snap publisher, I’m the only person with access to the account. That’s why I’m surprised that there are channels I didn’t know about. I’m hoping someone from Canonical can confirm what it is and in particular that it’s nothing nefarious.
Hi,
Thanks for raising this. Our team will look into it and get back to you as soon as possible.
Thanks,
Odysseus
Hi,
These metrics are based on what clients periodically report to the Store during refresh requests; more specifically the tracking channel of each reported installed snap. We use those channel names verbatim - with some validations, but we don’t check the channel actually exists. This is to show publishers an accurate picture of the installed base of their snaps without hiding any data unnecessarily. So, these clients are somehow tracking an unexistent channel.
@maxiberta Thanks for the reply. What you’ve said makes sense and I understand why you’d do that.
So essentially if I worked in a company and decided to build my own snap to deploy install on machines we owned/sold and used that channel name and the same snap name, then it would report back to the store and you’d show it. This other snap would have no benefits of being able to auto update though, because it’s not hosted on the store.
I guess I’ll never know where it’s from.
Cheers,
Roger
Not exactly. When snapd sends a request for snap update it includes a list of all installed snaps and the channels they are tracking. In fact the request does not even include snap names, only snap IDs.
The snap namespace is global, snap IDs and names are unique. AFAIU (@maxiberta please confirm), users of brand stores are not able to publish snaps under the same name as ones already existing in the global store, they have to use a different name (usually prefixing it with their brand store name). On the other side of the spectrum, unasserted snaps that you may have built yourself have no snap ID, track no channels and are never included in the request to the store.
So unless, there’s a request which references the exact same snap ID it should no be aggregated towards the stats of mosquitto.
@maxiberta on the other hand, such requests do seem a little bit suspicious, no? It feels like the store should be rejecting them.