I recommend we approve classic for the yarn snap, on the following basis:
- This snap is oriented towards developers to install new functionality in their system which they need to understand and be responsible for in order to use.
- There’s no possible confinement strategy that would allow all packages manipulated by the tool to work, since they carry arbitrary logic.
- The tool is already popular and already being used by the community. Offering a snap maintained by upstream is an improvement over installing a third-party repository.
- Offering a snap is also an improvement in terms of ensuring that such a security-sensitive tool remains up-to-date automatically and with serious bugs fixed.
- This is a step towards encouraging people to confine their own applications, which are generated with the help of yarn.
Please note that all of these points are very specific to this case. We’re still learning about that sort of usage, and we should continue to keep an eye on it and discuss when new cases come up.