Comment 18 for bug 1510522

Gustavo Niemeyer (niemeyer) wrote : Re: Snapcraft should ensure vendor is of form "Jane Doe <jane.doe@isp.com>"

For 16.04 we're having a look not only at vendor but at the whole metadata that is included in the snap. Sergio has kindly prepared a document that highlights what is currently in use, and we're starting to draft a list of changes we intend to do in time for 16.04 there:

https://docs.google.com/document/d/1QbPOoGBEEZ5qFTYWSKLVUCw4EQvQ0eBWTSqmhU9Bj0I/edit?disco=AAAAAiYPg6o

Coming back to vendor, the term is incorrect according to agreements we've made in the last few months. This is actually either a snap publisher, or a snap developer. Most likely the latter. Besides the name, it also feels like we have issues in terms of the accepted values. If this is a snap developer, we should most probably have the actual developer name there, because that's what all of snappy will be looking at. As a practical example, if we have "apache.beuno", it means we have the "apache" snap from the "beuno" snap developer, so what we should have in that file is "beuno", not a name or an email.

With all of that said, it's not even clear that we need that information in the snap, or whether the information we have from assertions would be more interesting. So my initial recommendation was to drop that data altogether until we know exactly how we'll be using it, so that we can have a more informed conversation that isn't just based on suppositions.

With regards to the use case mentioned above, I apologize for not being aware of these details, but at least what was said above sounds a bit curious. We cannot use someone's email to determine whether they can access something or not. What would we do with people that have a gmail email? This feels so unreasonable that I'm probably missing important points of that issue, so can you expand on how that information is being used and what the intention is for the near future?