Process for performing Snap Publisher Vetting

Snap publisher vetting process

Goal

To ensure that the publisher of a snap is genuinely associated with the upstream project or belongs to a trusted group (e.g., Snapcrafters, Canonical, Verified Accounts).

Who needs vetting?

Publishers of snaps that require special permissions (super-privileged interfaces, classic confinement) need to be vetted.

Exemptions

Canonical employees working on Canonical snaps do not require vetting. They are assumed to be trusted through their employment agreement with Canonical.

When the upstream source code is private, the publisher is vetted through the Verified Accounts process.

Process Overview

  1. The requester provides the name of their account on the upstream project's hosting platform (GitHub/GitLab etc.).
  2. A random token is generated and sent to the snap publisher via the Snap Store Dashboard.
  3. The requester is asked to commit this token to the upstream project's repository. Note this does not need to be in the main branch; it could be on a temporary branch, but it must be a branch within the upstream project's repository, not the requester's personal fork or similar.
  4. The reviewer verifies that the committed token matches the one sent.
  5. If the token matches, the publisher is vetted as a trusted contributor to the upstream project.
  6. The list of vetted publishers (maintained as a comment against this forum topic) is updated to include the name of the snap, the snapcraft forum user who made the request, and their associated GitHub account, along with a link to the forum post in which the vetting was requested.
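As an added illustration, not part of this post or of the Store's own tooling, the sketch below shows the reviewer-side checks behind steps 2 to 5: generate an unpredictable one-time token, confirm the commit lives under the upstream repository's namespace rather than a personal fork, and confirm the committed value matches the token that was issued. The token length, the URL shapes and all repository names are assumptions.

```python
import hmac
import re
import secrets
from urllib.parse import urlparse

# Assumption: tokens are 32 random bytes, URL-safe base64 (43 characters).
TOKEN_LEN = 43
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_-])[A-Za-z0-9_-]{43}(?![A-Za-z0-9_-])")


def generate_vetting_token() -> str:
    """Unpredictable one-time token for a single vetting request (step 2)."""
    return secrets.token_urlsafe(32)


def commit_is_in_upstream_repo(commit_url: str, upstream_repo: str) -> bool:
    """Step 3 check: the commit must sit in the upstream repository itself
    (any branch), not in a fork under another namespace.
    upstream_repo is 'host/owner/name', e.g. 'github.com/example-org/example-project'.
    Handles GitHub (/owner/name/commit/<sha>) and GitLab (/owner/name/-/commit/<sha>) paths."""
    parsed = urlparse(commit_url)
    if parsed.scheme != "https" or not parsed.netloc:
        return False
    segments = [s for s in parsed.path.strip("/").split("/") if s and s != "-"]
    if "commit" not in segments:
        return False
    repo_path = "/".join(segments[: segments.index("commit")])
    return f"{parsed.netloc}/{repo_path}".lower() == upstream_repo.lower()


def token_matches(committed_text: str, expected: str) -> bool:
    """Step 4 check: the committed content contains exactly the issued token.
    Candidates are compared in constant time so the check leaks nothing."""
    return any(hmac.compare_digest(c, expected) for c in TOKEN_RE.findall(committed_text))


def vet_request(commit_url: str, committed_text: str, expected: str, upstream_repo: str) -> tuple:
    """Combine both checks; returns (vetted, reason) for the reviewer's record (step 5)."""
    if not commit_is_in_upstream_repo(commit_url, upstream_repo):
        return False, "commit is not in the upstream repository (fork or wrong project)"
    if not token_matches(committed_text, expected):
        return False, "committed token does not match the issued token"
    return True, "token verified in upstream repository"


if __name__ == "__main__":
    # Constructed sample: an issued token and the file the requester committed.
    issued = generate_vetting_token()
    url = "https://github.com/example-org/example-project/commit/0123abcd"
    print(vet_request(url, f"snap vetting token: {issued}\n", issued,
                      "github.com/example-org/example-project"))
```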