Classic confinement for ttyd

ping @roadmr - I think this request is waiting on your help to transfer the snap ownership?

1 Like

I’m sorry to be a pest, but I’m wondering if I’ve missed some step or something.

Is there any update to this request?

@kz6fittycent nope you are not being a pest - nothing missed on your side that I know of.

@roadmr are you able to help with the snap transfer for this request?

1 Like

Sorry, I totally spaced out on this one (“classic confinement for ttyd? what’s that got to do with me?”).

It’s done now, apologies for the delay and for being silly.

  • Daniel
1 Like

All good @roadmr! Thanks for your help here and totally understand.

Do I need to disconnect my account from the snap build service? @tsl0922 are you able to login and start building the snap?

I’ve re-connected it to tsl0922/ttyd, and started a build.

1 Like

still failing.

(NEEDS REVIEW) confinement ‘classic’ not allowed. If your snap needs classic confinement to function, please make a request for this snap to use classic by creating a new topic in the forum using the ‘store-requests’ category and detail the technical reasons why classic is required.

Oops my bad - I only transferred the snap but didn’t enable classic confinement. It’s done now.

  • Daniel

Thanks! It’s OK now, published.

Mmmm… Is that normal that the https://github.com/tsl0922/ttyd/security/policy is empty? No Security or Privacy concerns for this? I do understand that it is just a tool, but still… Maybe at least checking if it has encryption libraries which could be used eventually for GDPR compliance?

Not sure if what I say here makes sense to you…

Just my 2 cents, trying to help…

I’m not sure what would quantify the risk to one’s privacy within the application. Unless someone is passing PPI, the privacy concern is next to zero. There’s no privacy policy with any of the terminals I use, and ttyd is a “terminal”.

Hi kz6fittycent,

what you say does make sense. Usually one would pass commands via Terminal, not PII (personal data). On the other hand there might be cases in which some parameter for a manually launched script might require that (which might be a rare case, but still). In terms of Risk that would be very small, so I agree with your statement. On the other hand, about Security, it would be good to have the Security part detailed better. Are we talking about plain TTYD terminal ? So the obsoleted Telnet ? If so, that should be detailed, as Telnet protocol is something which should never be used (unless those few cases were you want it wrapped in SSL) . In general SSH is the standard, so if TTYD is Telnet protocol, that should be detailed (as a warning) in Security policy info, to remind the users that Telnet passes usernames and passwords in clear on the network and that it is not accepted anymore in modern IT infrastructures (will likely cause to fail IT Security Audits).