Yes, thank you, that is what I am after!
I think there are several opportunities to display this information in the current snapcraft.io/store. Currently snapcraft only has the “Verified account” badge as a means to vouch for the snap.
Compared to https://hub.docker.com/search?q=&type=image, you can see that they have a few different levels. They use “Official Images” that are made by Docker, “Verified Publisher” that is sort of like the one snapcraft uses. There’s also “Docker Certified” which is above and beyond what I am suggesting here.
However, there are also ways to feel safe in using the ones that don’t carry the above badges, and this is what my point is. Take this one, for example: https://hub.docker.com/r/buildpkg/debian
I can directly and easily see the Dockerfile, and can tell right away that there are no shenanigans going on. I can also see the automatic build logs, so I know that the chain of trust is not broken between the source code and what was uploaded to the Docker repository.
So, my suggestion would be that snapcraft does something similar. Show the contents of the related
snapcraft.yaml file directly on the store page (or link to it), and indicate that the build was performed on the build server and therefore matches the
snapcraft.yaml recipe. Some sort of “Trusted build process” badge or whatever could also be used.
I think this would go a long way of increasing snap usage as people would be more inclined to trust snaps made by 3rd party developers. Realistically, why should someone trust them otherwise?
It could also help entice new developers as there would be more exposure to
snapcraft.yaml files instead of having to go hunting for them. I think it has helped the Docker community by always showing the Dockerfile alongside the container description.