Verified developers

backlog

#1

snapd currently returns a developer field for snaps. Since the store can contain multiple versions of a snap it is desirable for a user to be able to check they have the official version installed.

This is done in other app stores (Apple, Android etc.) by putting an icon beside the developer name for accounts that have done some verification.

We could implement this in GNOME Software if we had:

  • A new boolean field from snapd e.g. developer_validated that we could use to hint to the user that this is an official account.
  • A means of validating developer accounts, perhaps via a store assertion?
  • A process for validating major accounts, perhaps the snap advocacy team?

How to become 'Verified' publisher?
Snap info but for publishers
The snapd roadmap
#2

Verified accounts are something that was baked into the model from the start, but we don’t yet have a process around that which verifies and displays that information. We just need to put that in place.

Official versions sounds like something else, though, and we don’t have that in place in the model, or even a clear idea of what it would entail. Verified accounts would still be able to publish any snap they want, and that would not mean they are publishing the official version for that particular piece of software. Of course, we’ll know what well known brands are supposed to publish, but that doesn’t work with software for which most people don’t recognize their authors.


#3

I don’t think there’s a technical solution / requirement to actually verify the snaps. I would think that a condition of being a verified developer is you only publish your own software.

The use case is:

  1. User wants to install GIMP
  2. User searches for GIMP and gets multiple results.
  3. User asks “is this the official one?”
  4. User is reassured that it is marked as from “GIMP Project (verified)” so continues with confidence.

Ratings and reviews will also help with confidence here (bad copies / malicious apps will be downvoted).


#4

Agreed, but this is the happy case of the scenario described above. The unhappy case is when you run snap info and find “Gustavo (Verified)” as the publisher, and then wonder “Who the heck is Gustavo!?”.

There’s also some danger that we need to mitigate about people associating trust with verification. On social media that’s not an issue because all we’re getting are comments anyway. But verified developers will still be able to publish whatever they want, just like everybody else, and people might end up associating trust with that badge, when in fact it just means that there are good chances of this being a real name behind the account.


#5

Maybe rather than, or in addition to, verified developers we set up a designation which is asserted by the store on a single snap that indicates that it is the snap endorsed by upstream, whoever they happen to be.

Kind of like the way DV SSL Certificates are validated by proving you control some aspect of the domain in question when you request a cert, there should be a manual process for an individual snap-and-developer combination that certifies that the developer is actually allowed to publish on behalf of the project/product.

The snapcrafters initiative should not be blocked from registering the official names, though, because we’re registering the preferred name on the basis that we’ll hand over control when upstream is ready. At the point we hand over control in this case, the store admins would perform the manual verification step that whoever we handed the snap to is the official place and apply the endorsement bit in the store. So people aren’t blocked from registering any name, but the store provides proof of a specific snap AND developer combination.
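The thread separates two different signals: the per-account `developer_validated` boolean proposed in #1, and the per-snap endorsement assertion proposed in #5 that binds one snap name to one publisher. The example below is added here and is not snapd, store or GNOME Software code: it models a client that receives both signals and renders a publisher label, so that a verified-but-unknown account ("Gustavo (Verified)" from #4) is shown differently from an upstream-endorsed snap, and an endorsement copied onto a different snap or publisher, or with a tampered body, does not count. The assertion format, field names, `SnapInfo` structure and the HMAC "store key" are all assumptions made for the example; a real store assertion would carry a public-key signature.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the store's signing key (assumption: a real store
# assertion is signed with the store's private key; HMAC keeps this offline).
STORE_KEY = b"constructed-store-key-not-a-real-secret"


def sign_assertion(body: dict) -> dict:
    """Store side: attach a signature over the canonical JSON of the body."""
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(STORE_KEY, payload, hashlib.sha256).hexdigest()
    return {"body": body, "signature": sig}


def assertion_is_valid(assertion: dict) -> bool:
    """Client side: recompute the signature and compare in constant time."""
    payload = json.dumps(assertion["body"], sort_keys=True).encode()
    expected = hmac.new(STORE_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["signature"])


@dataclass
class SnapInfo:
    """Hypothetical subset of what snapd might report for an installed snap."""
    name: str
    publisher_id: str
    publisher_display: str
    developer_validated: bool              # per-account flag (post #1)
    endorsement: Optional[dict] = None     # per-snap assertion (post #5)


def endorsement_applies(info: SnapInfo) -> bool:
    """True only if a validly signed endorsement names THIS snap and THIS publisher."""
    e = info.endorsement
    if e is None or not assertion_is_valid(e):
        return False
    body = e["body"]
    return (body.get("type") == "snap-endorsement"
            and body.get("snap-name") == info.name
            and body.get("publisher-id") == info.publisher_id)


def publisher_label(info: SnapInfo) -> str:
    """Render the label a client would show next to the publisher name."""
    if endorsement_applies(info):
        return f"{info.publisher_display} (verified, upstream-endorsed)"
    if info.developer_validated:
        # Identity is verified, but nothing says this is the official snap.
        return f"{info.publisher_display} (verified account)"
    return info.publisher_display


# Constructed sample data: one endorsement issued for the gimp/gimp-project pair.
GIMP_ENDORSEMENT = sign_assertion({
    "type": "snap-endorsement",
    "snap-name": "gimp",
    "publisher-id": "gimp-project",
})

# Same signature, but the body was edited to claim a different publisher.
TAMPERED = {"body": dict(GIMP_ENDORSEMENT["body"], **{"publisher-id": "gustavo"}),
            "signature": GIMP_ENDORSEMENT["signature"]}

SAMPLE_SNAPS = [
    SnapInfo("gimp", "gimp-project", "GIMP Project", True, GIMP_ENDORSEMENT),
    SnapInfo("gimp", "gustavo", "Gustavo", True, None),           # the #4 case
    SnapInfo("gimp", "gustavo", "Gustavo", True, GIMP_ENDORSEMENT),  # copied assertion
    SnapInfo("gimp", "gustavo", "Gustavo", True, TAMPERED),       # edited assertion
    SnapInfo("gimp-fork", "anon42", "anon42", False, None),
]


def labels_for(snaps) -> dict:
    """Map (snap name, publisher id) to the label the client would display."""
    return {(s.name, s.publisher_id): publisher_label(s) for s in snaps}


if __name__ == "__main__":
    for key, label in labels_for(SAMPLE_SNAPS).items():
        print(key, "->", label)
```

The point the code makes is the one #4 raises: a verified badge alone never upgrades to "official", and the endorsement only counts when the store-signed body names exactly the snap-and-publisher pair being displayed.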