Classic confinement request: `gh`

Currently the GitHub CLI is published with strict confinement, but this limits its capabilities quite significantly. While core functionality works thanks to vendoring in various packages like git, nano, etc., fundamentally the application expects to use the user’s system copy of git, including any installed plugins (and access to git hooks, etc.)

I believe this app meets the requirements for classic confinement for the same reasons as git-cola.

N.B. I am not the owner of the Snapcraft listing, but the owner did make me a collaborator specifically for this purpose.

Once we have classic confinement enabled, the plan is to move to publishing the snap using an already-built snapcrafters-like release process and to eventually move it under snapcrafters (with me as the primary maintainer), as the upstream maintainers currently have no interest in owning the snap package.


gh would appear to meet the requirements for classic confinement as it wants to execute arbitrary user defined applications from the users host system, and it roughly fits within the supported categories of a debug tool / IDE.

To proceed with granting this however publisher vetting is required - @advocacy could you please vet the publisher? Thanks.

1 Like

+1 from me, I verified the publisher (@lengau clearly and directly explained the affiliation).

Thanks @Igor - classic confinement override granted for gh - this is now live.


(As owner of the snap) wanted to say thanks to @lengau, @alexmurray & @Igor. Hopefully will publish a fixed version soon.

1 Like