Hey @all,
after reading the following three links:
h**ps://snapcraft.io/docs/creating-your-developer-account
it seems to me, that the developers real life identity is never checked even on verified accounts . The suggestion is that all communication is done digital by email or forum posts.
Is this correct?
If not, at what account membership you are verifying the developers real life identity and how?
thank you for your help
sh
Itâs a bit strong to say âneverâ. Many of the early âverifiedâ developers are as a result of physical meetings.
On the other hand side itâs a bit strong to say âverifiedâ if the latest âverifiedâ developers identity is unknown 
I donât want to do any ubuntu/canonical or snap bashing here ⌠I am using ubuntu and snaps but if we are using a canonical driven snapstore we expect a clear notification that snaps by verified accounts are save to use or not and all others are not save to use.
And if the verification process of a verified/star-developer/developer account is faulty this is not bad but they have to mention this very clear.
Edited: registered substituted by âverifiedâ
Well, unverified apps arenât necessarily.unsafe to use either.
I donât know who wrote the JavaScript on this page but my computer still runs it.
I would however love to know the answer to your question, but if I gave you a call on Skype and showed you photos from my childhood, does that mean you can actually trust me, or just you know who to arrest if I step out of line. Itâs really the second part thatâs key in my opinion, can we really trust somebody if theyâre in a jurisdiction that punishment is rarely enforced?
I donât work for Canonical, but I used to. From my experience, I donât believe there was ever a request to show a government-issued ID to become a verified developer in the Snap Store.
In the early days, when we âverifiedâ a publisher, it was to enable users to be more confident that the application was being published by the upstream developer or a responsible community member representing the upstream developer.
It was never about proving the human meatbag at the other end was a specific human.
No idea what the internal process is now, but I suspect itâs still not doing real-world ID checking. I think the process youâve seen documented online is what it is. No more, no less.
I was curious, so I queried all the public snaps with something published for amd64 architecture. These are all the verified publishers I could find. Thereâs not a lot.
2appstudio
ameshkov
aws
basecamp
bitwarden
blenderfoundation
blix
brave
cacherapp
certbot-eff
circleci
cmd
collabee
crystal-lang
domotzpublicstore
dotnetcore
dwellir-snapcrafters
flock-chat
foundry376
google-cloud-sdk
hpoul
inkscape
jgraph
julialang
katacontainers
keepalived-project
krita
lenovo-snap
meltytech
metabrainz-apps
mosquitto
msft-storage-tools
nginx-inc
noderedteam
nodesource
o3de
octave-snap
onlyoffice
opera-software
play0ad
plexinc
postman-inc
projectjupyter
ramboxapp
remmina
rocketchat
rubylang
standardnotes
streamsheets
telegram-desktop
vscode
Not a huge number. These 51 verified publishers are responsible for 98 published snaps. With the other 6233 snaps published by 2699 unverified publishers.
So about 1.5% of snaps are verified by around 1.9% of publishers. Roughly.
This is correct! You are right my statement was really to short maybe to provocative. But it helps to wake up people.
If your computer wonât run it or the script will do some really evil things you know who to contact and who is responsible for it (at the first sight):
Contact Us
In the event of a critical issue or urgent matter affecting this site, please contact us at https://www.canonical.com.
Yes, you can trust them more than somebody you know only from a computer-chat.
We can state so far that we have some kind of âfraud prevention and detectionâ-system here but it should be improved. And yes you are right again that we could never make it so secure that it is âmetal solidâ. But we can try to come much closer.
I would appreciate if someone of the policy-reviewers can bring some light into the darkness or confirm what popey said:
OK, one month has passed and none of the policy reviewers have responded. Can I conclude from this that this topic is not being pursued?
Anyways âŚ
@James Caroll: Thank you for your answers.
@popey: Thank you for your answers and for your blog. Your post (exodus-bitcoin-wallet-490k-swindle) on your blog prompted me to inquire more detailed here.
Cheers SH