Dear @reviewers, advocacy team (@evan, @popey, and @Wimpress) and snappy architects,
I would like to request classic confinement for my snap git-cola (https://snapcraft.io/git-cola) according to the process for reviewing classic confinement snaps.
Git hooks require access to external commands
Git Cola is a Git frontend. One of Git’s features is that one can install executable hooks that are triggered under several conditions (like committing a new revision, pushing changes to a remote server, and preparing the commit message). These hooks can include or be any commands, which simply can’t all be packed into a snap.
Git attributes require access to external commands
Git attributes are settings that can be specified for a certain path pattern under the repository. One of their uses is to set up clean/smudge filter programs to clean up/pre-process checked-in/out code. These filter programs can call any random commands, which simply can’t all be packed into the snap.
These usages make it impossible for Git frontend snaps to be strictly confined without limiting their functionality. Thanks in advance!
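The two mechanisms described in the post above can be enumerated for any checkout, which shows exactly which external commands a Git frontend would end up launching. This is an added example, not part of the original post or of git-cola; the function names and the sample repository layout are constructed for illustration, and it assumes the default `.git/hooks` directory and repository-local configuration only.

```python
import re, tempfile
from pathlib import Path

def active_hooks(git_dir):
    """Hooks Git would run: files in hooks/ with an execute bit, not ending in .sample."""
    hooks = Path(git_dir) / "hooks"
    return sorted(p.name for p in (hooks.iterdir() if hooks.is_dir() else [])
                  if p.is_file() and p.suffix != ".sample" and p.stat().st_mode & 0o111)

def filter_drivers(config_text):
    """Git config text -> {driver name: {clean|smudge|process: command}}."""
    drivers, current = {}, None
    for line in map(str.strip, config_text.splitlines()):
        section = re.match(r'\[filter\s+"([^"]+)"\]$', line, re.I)
        if section:
            current = drivers.setdefault(section.group(1), {})
        elif line.startswith("["):
            current = None  # a section other than [filter "..."]
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("clean", "smudge", "process"):
                current[key.lower()] = value
    return drivers

def attribute_filters(attributes_text):  # .gitattributes text -> {path pattern: driver name}
    used = {}
    for line in map(str.strip, attributes_text.splitlines()):
        if line and not line.startswith("#"):
            pattern, *attrs = line.split()
            used.update({pattern: a[7:] for a in attrs if a.startswith("filter=")})
    return used

def make_sample_repo(root):  # constructed layout written by hand; no git binary needed
    git_dir = Path(root) / ".git"
    (git_dir / "hooks").mkdir(parents=True)
    (git_dir / "hooks" / "pre-commit").write_text("#!/bin/sh\nmake lint\n")
    (git_dir / "hooks" / "pre-commit").chmod(0o755)
    (git_dir / "hooks" / "pre-push.sample").write_text("#!/bin/sh\n")  # inactive template
    (git_dir / "config").write_text('[core]\n\tbare = false\n[filter "indent"]\n\tclean = indent\n\tsmudge = cat\n')
    (Path(root) / ".gitattributes").write_text("*.c filter=indent\n*.png binary\n")
    return Path(root)

def audit(root):
    git = Path(root) / ".git"
    return {"hooks": active_hooks(git), "drivers": filter_drivers((git / "config").read_text()),
            "paths": attribute_filters((Path(root) / ".gitattributes").read_text())}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(make_sample_repo(tmp)))
```

Hooks relocated with `core.hooksPath` and filter drivers defined in user-level or system-level Git configuration are not covered by this sketch and would need the same treatment.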
IME, the fact that git-cola and other snaps can reach out and launch anything is a great reason to use strict confinement, especially considering CVEs in git, etc.
That said, other git snaps have been made classic. @niemeyer, @Wimpress and/or @popey - thoughts?
I believe the choice should be left to the users: Proposal: Allow recipes for strict and classic confinement to co-exist
With classic confinement and proper dynamic linker library search path manipulation we can use the Git distribution installed from the GNU+Linux distribution or by the user (e.g. the “Git stable releases” PPA), which is probably even safer than bundling a (possibly vulnerable) Git in the snap in this aspect, as users often allow SSH and GnuPG private key access to the snap.
@niemeyer, @Wimpress, @popey, @Igor, @evan - ping
Ping @Wimpress, @popey, @Igor, @evan - ping, all we need is the vetting and I can grant.
Vetted, +1 from me for classic.
Granting use of classic. This is now live.