'lxd' inteface for 'lxd-terminal'

I’m developing an integration which is a terminal that opens directly into an LXD container that it creates. The idea being that you can you can put developer tools in that container without installing them on your host system. The host system could then, potentially, be read-only as well. To setup the container and to execute a shell in it the snap needs access to LXD. The only container that the program uses is one with the name lxd-terminal-$username (to allow multi-user setups). It does not control, configure or adjust any other containers on the system.

1 Like

+1 from me - the primary purpose of this snap is to utilise lxd and it cannot work without the lxd plug being connected - so consider this +1 for both use-of and auto-connect of lxd for the lxd-terminal snap. Note, since the lxd plug is super-privileged, if granted this will require publisher vetting as well.

+1 too for interface access and auto-connect

It has been one week, so my understanding is that the voting is closed with a +2, which means it passes. Thank you @pfsmorigo and @alexmurray for your votes of confidence.

I’m not sure what “publisher vetting” is, as I can’t find anything about it in any of the published policies, but I’ll try to figure that out next.

+2 votes for, 0 votes against. @advocacy could you please perform publisher vetting? Then we can proceed to grant this for lxd-terminal. Thanks.

@ted What is the official page for lxd-terminal please?

@Igor I haven’t setup a webpage or anything like that, but the Git repo is currently here: https://github.com/ted-gould/lxd-terminal

@ted I don’t really have a good way to verify you based on the data that I have. I don’t doubt your credentials, but given the super-sensitive nature of the this snap, I need more than just the GH repo as the only reference point.

@alexmurray Any suggestions from your side?

Can you link me to the policy document regarding “publisher vetting” so that I can see what options are available? Perhaps there is something I can do there.

@ted If you don’t mind, I will leave that to @alexmurray as the representative of the Store/Security team. Thanks.

Any update? It’s been a month.

@Igor is the expert on publisher vetting to my knowledge so I can’t really give much context here - perhaps @holly can?

As far as I understand the general idea is to establish trust that the publisher is who they claim to be and are a representative of the upstream project in question (and hopefully that they also appear to have good standing in the community etc although this is a bit harder to gauge).

From what I can see @ted you definitely appear to meet these requirements but the hard bit is making sure you (ie the individual posting on the forum and uploading to the store) are who you claim to be - assuming your GPG key listed on Launchpad is still current (ie 0x46C2E0AE5B5639B4DCE1454D9E28586D33E6185C), could you please email me an email signed with this key, plus sign at least one commit in the upstream lxd-terminal repo and this should be sufficient to my mind to establish this trust.

Cool. I’m traveling right now and don’t have that key with me, but I’ll update when I get back home. Thanks!



And here is a signed commit: https://github.com/ted-gould/lxd-terminal/commit/0a4caceb4126f28484700cf4996b219387720f07

Excellent - thanks @ted. I have vetted the publisher. This is now live.

1 Like