[sarnowski]

And last time I checked, they refused to let you use your own signing keys. Means you do not get end to end trust for your own bits but need to rely on Canonical that they don’t screw up - with the obvious effect of strong vendor lock-in as I cannot sign and run my own bits.

[mort96]

Yeah, that's the kind of stuff which has made Ubuntu Core rub me the wrong way before this. I'm a much bigger fan of Yocto[1], with something like Rauc[2] for the software upgrade system. It's more work to get going, but in the end, you're in control of your product, not Canonical.

[1]: https://www.yoctoproject.org/

[2]: https://rauc.io/

[voakbasda]

I have spent years developing systems using Yocto, and it's a steep learning curve for the average developer. Maintaining a proper distribution is not trivial. However, communities exist that want to band together and create distributions that meet their common set of focused needs, and Yocto would be perfect for many of those use cases.

Of course, take my opinion with a grain of salt. I am currently developing a tool at my day job to significantly lower the developer time required to produce and regularly release our Yocto-based distributions. I hope to be able to release that package as open source at some point.

In any case, Yocto is infinitely better than Ubuntu's Snap Crap.

[public_defender]

This is the reason that Signal has given for not providing/allowing their client on f-droid (since all f-droid apks are signed by f-droid rather than the maintainer). I wouldn't be surprised if it were the issue here.

[easrng]

iirc fdroid allows apps to be signed by the developer if the builds are reproducible.

[voakbasda]

Couldn't you just double sign your bits? Sign your payload with your key, then wrap that in a snap with their key; snap verifies the outer sig, then an "inner" installer verifies the sig of the payload. That said, I would run screaming from an ecosystem with such insanity.

In fact, I am poised at the starting line of that sprint, but I'm still trying to decide what my next distribution will be that provides similar quality and cadence. It's a somewhat sad day, as my servers have been running Ubuntu for almost two decades. A switch will be immensely painful, but the state of their snap crap is pushing me to switch all of my systems once and for all. Worse for Canonical, I then will be taking all of the systems in my engineering division to those greener pastures.

[hamburglar]

What gives you any assurance that your inner sig check isn’t tampered?

[runlevel1]

How does that work? I would have expected Canonical to just be the CA.

[sarnowski]

You get your private snap store and upload your snaps to it. Signing and delivery is only assured between the IoT device and the snap store. Not between you (the developer) and the device.