What happens when a snap previously published in the store with strict confinement gets an updated version that declares classic confinement? Is that even allowed? Will this require manual review to get accepted in the store?
If a user has the previous (strict) version installed, will the update be applied silently, or will snapd request the user to confirm?
I don’t know details about the store process for the change, but snapd will hopefully not allow the refresh until manual action is taken. If it does accept it, it’s a bug we’ll want fixed right away, because the user didn’t acknowledge the risk of having something unconfined from the given publisher on their machine.
That will require manual review in the Store, and as @niemeyer notes hopefully snapd will not silently refresh with classic. I’m not sure if we have tested that explicitly, but we will now and report back.
In terms of store process, if in the store the snap wasn’t allowed use of classic, it would trigger a manual review. If in the store the snap was allowed use of classic, the developer may go back and forth between classic, devmode and strict in any order desired without triggering a manual review. Ie, once a snap is allowed use of classic in the store, the developer may choose to use it or not at any time thereafter (unless in the store someone actively revokes use of classic of course).