Unregister a name

actually, the developers in the snap stores are unable to unregister names…the developers have to register here in the forum, ask in a post to the admins and hope someone will answer and apply the requested change…
it is conceivable that the increase in the use of snap will also lead to an increase in the number of requests of this type…
All this seems to me potentially cumbersome for small projects with developers constantly coming and going…also not everyone has an interest in joining a forum just to ask for a name cancellation.
all this is not so intuitive and could lead to situations where a developer thinks that removing the snap is enough to unregister the name
My question is: why is possible to register a name through the store but it is not possible to unregister it?
why can I only add collaborators to a my snap but can’t give a registered name to someone of them without a “third party” intervention?
why this “third party” intervention must be asked in an “external” forum (with all the problems this entails… you have to prove here you are the same developer in the store before the request is accepted ) and not directly the store? all this seems to me a little noisy…
Is this only a missing feature or is there a motivation behind it?

I think their idea is to never cancel names just move them around to other devs willing to maintain app by requesting “transfer” in store-requests. Voting on requests is to have overview, transparency, dev guidance and for security concerns. This system works but as you point out there are human limits and problems at scale. Making it automatic would make it faster but not necessarily better.

sorry @predr but I don’t see how have to post a request in an external forum can be better in overview, transparency, dev guidance and, in general, a safer solution that a developer that give his/her registered name to another developer, directly in the snap store and that he/she already knows…

keeping this things in the store could lead to have all the security stuffs (the check of the requesting developer identity) done by the store login system (the request can be only done by someone that know both the owner email and password)…

now I have to post a message here and, if my forum credential is based on another email that the one used in the store login, I have also to prove my identity by sending a message from my other email to the admin that answered here or give my email in the forum so to be contacted to confirm and process ( for examplein this case and in this case…ps: posting an email address publicly in a forum could lead to potential spam problems)… imho this is not the safest way …

also have this automatically done by the store does not mean that checks (such as sending a confirmation message to the developer’s email) cannot be carried out. :man_shrugging:

I’m saying there is value in interacting directly with devs in open forum and security in this case doesn’t mean just authenticating devs. It also means protecting users from bad devs. There are scenarios I can imagine where transfer and name cancellation can be exploited and they have to think about those things.

Current system will not scale so they have to automate and do something but allowing devs to transfer and cancel names as they please is not a good idea IMHO.

I don’t like having second account either and I get your issue with diff emails but you don’t have to post your email you can post your snap account-id or username. Reviewer was asking for “destination account(s)” not emails.

I’m very sorry but I’ m still having difficulty to understand how let devs transfer name or cancel name of their snaps can be problematic. We are talking of the “owner” of a snap name and a bad devs can act more badly by uploading a bad snap than cancelling a name (I really can’t see how this could be a bad thing) or by giving the name to someone else (in this case we need two bad devs: a bad dev that give the name to another bad dev) also actually the whole system is not based on checking the developer’s skill or honesty. I’m not able to image a scenario where a third person check can prevent malicious events if the owner is a bad dev and can’t image a situation where the admin’s check add a level of security with respect to the security level given by the trust and knowledge of the first honest developer has of the second developer who would receive the name…

The only scenario I can image where this human check is necessary is if the Ubuntuone login system is faulty and/or is more easily circumvented that the developer email login system… :thinking: but still the malicious activity is more easily based by silently uploading a malicious snap than make an evident owner change or by eliminating the name (also very evident). Maybe a description of the possible scenarios of which you mentioned could help me understand.

thank you very much for your answers and patience. :blush:

ps: I found that internally to the snap store there is a messaging system to communicate for the dispute name…that is still used for the manual check but imho would be a better place to fill this kind of requests.:thinking:

For example, if cancel name was available and one cancels name so another dev could register (what you tried to do)… If someone saw that in Github issue they could quickly register that name and push malicious snap to existing users (have that name installed) before anybody notices. This can be remedied by triggering manual review every time but then we have circled round to “someone needs to approve change”, same as “transfer”.

Dispute name page is intended for original software developer getting name from snap maintainer… and while I was trying to find that page I unintentionally registered “obs” name and now I need to cancel a name! :laughing:

1 Like