I’m an upstream developer of Certbot and @niemeyer’s points sound good to me. We have a question for you all though.
Certbot has a plugin system which allows people to extend the project by adding new ways to obtain or deploy certificates. We have plugins to perform domain validation with different DNS providers and plugins to configure certificates with software like Apache and Nginx. We also have third-party plugins written by people outside of the Certbot team.
To allow people to continue to use this system with a Certbot snap, @rbasak proposed https://github.com/basak/certbot-snap-build/tree/snap-plugins/doc. The way this works is that plugins snapped separately can expose their code to the Certbot snap over the content interface, which it will load and run.
The potential concern here we wanted to ask you about is that the plugin will be run with Certbot’s classic confinement even if the plugin is a regular confined snap. Classic confinement is often what is needed by the plugin to be able to do things like configure certificates with a web server; however, plugins would be able to do this without review if they implement the correct interfaces and are connected to the Certbot snap.
Are you all OK with Certbot plugins potentially written by a third party using this setup after users manually connect them to the Certbot snap? What about us configuring our own plugins we snap separately to automatically connect since they will be coming from the same publisher?
We wanted to get your approval here before continuing with this approach.