Why does Ubuntu require us to register an account on Ubuntu website to be able to install a Snap package?

Today I wanted to install a Snap Package on Ubuntu Xenial, but it prompted me to register an account on Ubuntu Single Sign-On.

Why does Ubuntu ask us for such a thing?

[Image: installing a Snap Package]

This is the reported bug on Launchpad, https://bugs.launchpad.net/ubuntu/+source/software-center/+bug/1581713


This behavior is consistent with Ubuntu Software Centre. Canonical works with third-party software providers to provide payment and hosting for commercial software in the partner repository. In Ubuntu 16.04 LTS, this is being replaced by the Ubuntu App Store which powers the snap repository's backend.

While the command line tools provide access to free-of-charge snaps without issue, the Ubuntu Software store uses Ubuntu One to handle payment processing and order history (so that previous purchases can be downloaded and installed on any number of systems that you own).

So this is an implementation detail that matches the behavior of the software being replaced by Ubuntu Software.


There is a technical reason and a design reason for the current behaviour.

Firstly, snapd requires some form of authentication since it is performing a system-level operation. On the command line you can use sudo, just like when you apt install, so no online account required. When using Software, the only form of authentication currently available is the Snap store. Alternatives are being discussed...

I did an attempt to resolve this by trying to get snapd to generate a Macaroon without store access. But as I understand it getting a Macaroon requires a round trip to the store.

So I think the solution to this is to either allow snapd to generate local Macaroons or use some other type of authentication token for local access. (comment 27)

Secondly, SSO authentication was the primary design pattern because Snappy's primary use-case is managing multiple IoT devices. The negative effect on desktop/laptop users was unplanned.

The net effect is much better security for these devices... look at modern wifi access points, for example. You get a single management account, usually in the cloud, and you manage all devices through that. (comment 25)

It looks like there is a plan to change the behaviour so that desktop/laptop users aren't required to use an online account to authenticate. You can subscribe to the bug to receive news as changes are made.

Handing out a token to root that provides an authorization to manipulate the system is analogous to allowing root itself to be doing removals without further store information, which we allow... The necessary infrastructure for that is pretty much in place since we already have to maintain the local and remote macaroons separately, and the situation where the remote macaroon is missing or incorrect is already handled. (comment 29)
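
An added illustration, not part of the answer above and not snapd's code: a simplified, generic macaroon (an HMAC-SHA256 chain over an identifier and its caveats) showing why a locally minted token can be issued and verified with only a key held on the machine, with no store round trip. The function names, the identifier and the `key = value` caveat format are assumptions made for this example.

```python
import hashlib
import hmac
import os


def _chain(key: bytes, data: bytes) -> bytes:
    """One link of the macaroon signature chain."""
    return hmac.new(key, data, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: bytes) -> dict:
    """Create a macaroon using only a locally held root key."""
    return {"id": identifier, "caveats": [], "sig": _chain(root_key, identifier)}


def attenuate(macaroon: dict, caveat: str) -> dict:
    """Add a first-party caveat; needs the current signature, not the root key."""
    return {
        "id": macaroon["id"],
        "caveats": macaroon["caveats"] + [caveat],
        "sig": _chain(macaroon["sig"], caveat.encode()),
    }


def verify(root_key: bytes, macaroon: dict, context: dict) -> bool:
    """Recompute the HMAC chain and check every caveat against the request."""
    sig = _chain(root_key, macaroon["id"])
    for caveat in macaroon["caveats"]:
        key, _, value = caveat.partition(" = ")
        if key not in context or str(context[key]) != value:
            return False  # caveat not satisfied by this request
        sig = _chain(sig, caveat.encode())
    # Constant-time comparison of the recomputed and presented signatures.
    return hmac.compare_digest(sig, macaroon["sig"])


# Constructed sample values: the root key is generated and kept locally.
ROOT_KEY = os.urandom(32)
LOCAL = attenuate(mint(ROOT_KEY, b"local-session-1"), "uid = 1000")

if __name__ == "__main__":
    print("matching uid:", verify(ROOT_KEY, LOCAL, {"uid": 1000}))
    print("other uid:   ", verify(ROOT_KEY, LOCAL, {"uid": 1001}))
```
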