Process for reviewing classic confinement snaps


#1

Classic confinement review process

Background

As of snapd 2.20, snappy supports confinement: classic which allows the snap to run without restrictions. Future releases of snapd will also support a classic interface (name TBD) that operates similarly. Snaps specifying classic confinement may target the stable channel, but are only supported on classic distro systems (ie, not on Ubuntu Core).

Because classic confinement snaps run without restrictions, use of classic confinement effectively grants device ownership to the snap. Due to the sensitive nature of classic confinement:

  • users must specify --classic when using snap install to install a snap using classic confinement
  • the review process in the snap store will flag for human review snaps that specify classic confinement
  • the store provides a mechanism for the reviewer to allow classic confinement to the snap so that subsequent uploads do not trigger human review
  • the publisher shall be vetted using the processes in this topic before classic confinement is granted by the store

Definitions

  • reviewers are https://launchpad.net/~myapps-reviewers
  • snappy architects are Mark, Gustavo, etc
  • advocacy team is @evan, @Igor, @popey and @Wimpress
  • classic confinement is defined as confinement: classic and the upcoming classic interface (final name TBD)
  • classic confinement applies to a particular snap ID and may be revoked by the store

Process

  1. the publisher makes the request for classic confinement in the forum using the ‘store’ tag
  2. the advocacy team, reviewers team and/or architects participate in vetting the snap/publisher
  3. the technical reasons for why the snap uses classic confinement are gathered in the forum post and captured for potential future snapd improvements
  4. once the publisher has been vetted, the technical reasons are captured and the request is approved, a store reviewer will issue a snap declaration for the snap and add a comment to the store, giving the URL to the forum post

Classic confinement for Sublime Text 3
Classic confinement for goby
Nikola snap could use classic confinement
Publish snap with classic confinement
Classic confinement for Android Studio
Classic confinement request for rem snap
Classic confinement for Android Studio
NetBeans on Snapcraft
Pharo7 name registered
Request for manual review of Moodle Desktop app on the Ubuntu Store
Classic confinement request for the nano snap (was: nano-classic)
Transfer hub snap to me
Vmanager Snap Classic confinement
Classic confinement for ubports installer
Classic confinement request for hw-probe
Classic confinement request for the android-file-transfer snap
Allow classic confinement for electron/asar
Classic confinement request for ubup
Getting ready for stable
Classic confinement for existing Helm snap
Classic confinement request for Clementine
Classic confinement request for eclipse
Using the script inside the snap
Classic Confinement Request for the wimlib Snap
Classic Confinement Request for the git-cola Snap
Classic Confinement Request for the ipfs-cluster Snap
Classic confinement request for the go-mtpfs-brlin snap
Permission denied while attaching files (may require classic confinement)
#2

@niemeyer and @evan, can you review these processes?


#3

Thank you Jamie, this is good. I have one lingering concern: can we do more to direct software vendors to the forum for this request? For example, could the feedback from automated review instruct them to create a forum post?


#4

Yes, I’ll make that happen.


#5

Per Classic confinement for Android Studio, we should consider members of the snapcrafters team as vetted if the snap is coming from one of the snapcrafters repositiories. @evan, @Wimpress and @popey (ie, the snap advocacy team which vets publishers) handle invitations to the team and vetting of team members and they review all PRs from members.


#6

Sometimes publishers request the use of classic for so-called ‘installer snaps’. One particular variant of installer snap is one that provides a frontend for manipulating traditional distro packaging repositories and software installation and removal which may or may not also include installing snaps.

In addition to the normal criteria outlined above, the following criteria should also be met when considering this variant of installer snap:

  • Is the snap an image frontend for applications (meaning it is being shipped in the image itself by the image builders)?
  • Does the the particular image (the Linux distribution or flavor) have a visible community behind it that would justify the snap to be publicly available?
  • Does the snap name, summary, and description clearly describe the use case, so people wouldn’t risk installing it without intending to? (for example, <distro name>-...-welcome, etc. Eg, ubuntu-mate-welcome)

Note that some ‘installer snaps’ (eg, gnome-software and software-boutique) are not distro-specific (eg, they work with any number of package backends) and therefore may not be required to be prefixed with <distro>-. These will be evaluated case by case using the above criteria as a starting point.

References:


Classic confinement request for Ubuntu MATE Welcome and Software Boutique
#7

I would like to request pinning this topic in the store category.


#8