This is a perfectly valid question to be asking.
I think there are two failure modes you should consider. First, a failure of Canonical which takes out Ubuntu itself. And second, a failure of the snap store economics which make it difficult for Canonical to continue to operate the store.
The first is unlikely but possible, especially if there is a massive liability situation which is beyond Canonical’s reserves. Canonical is a small business by global terms, about 1/20th the size of Red Hat, but we are slightly profitable. Ubuntu’s future is basically secure thanks to Canonical customers.
A massive liability, while possible, would also not be in the interests of any significant player to engineer, and in the interests of many to prevent. Any liability that impacts on Canonical could equally well impact on community distributions too, and those have additional complications if you are really thinking through sustainability. Canonical is unusual in being sustainable and relatively open. I say ‘relatively’ only because we defend certain points vigorously, we believe in the interests of Ubuntu and its community, but of course some folks think we shouldn’t do that and still consider ourselves open
So, it’s probably safe to consider Ubuntu safe, as long as Canonical has customers
The second, where the snap store turns out to be uneconomic, is more interesting.
First, the design of snapd doesn’t depend in a complex way on the snap store. It should be the case that a pretty simple store can service even modern snapd. The protocol has gotten more complex, but I would expect that most of it can be ignored. In simple form, snapd says ‘hello store I have these snaps from these channels’ and the store says ‘hello snapd you should update to these versions’.
Things like staggered release cycles and fancy channels are complex and a lot of work in the store, but you don’t have to have them, so a simple store should suffice. There used to be an open source implementation of the store protocol. I know we haven’t maintained it but I also know we haven’t actively undermined the principles of that snapd-snapstore design.
As for the basic store economics, I’d say right now the snap store requires more engineering investment than it generates revenue, so yes, there is a reasonable question mark about its sustainability. BUT I can say I love the design and engineering work we have done there, I consider it some of Canonical’s best work (both snapd and snap store, and yes I have heard the rumours to the contrary, it’s just I know how hard the problems are to do properly and I’ve seen the quality of work going into addressing those problems, my thoughts are my own blah blah :)).
I personally see a pretty straightforward path to snap store sustainability with the trajectory of customer wins we have so far. Big, serious companies who make big, serious IoT devices love the security story of snaps and the mechanisms that the snap store provides them to control updates. While those customers are not yet quite enough to cover all the costs of the snap store, as an entrepreneur I see a very healthy flow of wins, devices, growth, that makes me feel that will all be above water very easily.
It’s also important to say that we aggregate our work in PC’s, enterprise desktops, and IoT snaps. On that calculation, the whole set is economically sustainable. So Canonical is sustainable and loves the snap store, and the snap store is part of IoT and desktop which are sustainable, it’s just the snap store itself where we are currently putting a lot of work into next-gen capabilities.
To restate the opening line, this is a very valid question to be asking. What you have above is, I hope, a startling amount of transparency as to the underlying economic dynamics. I trust any thoughtful tech person would be able to understand those dynamics and feel good about betting on snaps.
Finally, to give my take on ‘why Ubuntu Core and not static images’, I would say this. Maintaining an OS properly is a LOT of work. Most companies that rolled their own OS images with Yocto three years ago, are way behind on patches today. Not because they are bad or because they are lazy, just because it’s a huge amount of work. The design of Ubuntu Core lets the device maker focus on the real image they control, which is the snaps they care about, and ride the wave of Ubuntu for everything else.