As per Disabling autoconnections - #2 by jdstrand, I’d like to request that the home interface be not autoconnected by default for the xnote-stopwatch snap. The main functionality of the application does not require such access and the scope of the home interface is deemed too risky for the untrusted nature of the snapped application(it is downloaded from the official website at runtime without a robust mechanism to ensure its authenticity).
Thanks!
Currently, the risk is mitigated by presenting a dialog to prompt the user to manually disconnect the plug when the access is not needed:
It would be preferable if it’s done the other way.
Thank you @Lin-Buo-Ren for requesting to remove the auto-connect of the home interface as it is not needed by the snap. I am in favor of this request
+1 from my side
+1 from me as well to disable auto-connection for the home interface since the broader access is not required as explained. But I wonder if you could implement some security verification during the download process instead? Not sure if you have such information available from upstream, but asking just in case.
The upstream only provides unversioned download links without checksum files so I’m afraid it isn’t possible.
Hey @Lin-Buo-Ren
I’ve created the declaration and home interface should not auto-connect anymore, but manual connection from the user should be required. Could you please confirm that it works as expected?
Thanks
Yes, I can verify that it works as expected, thanks!
$ sudo snap install xnote-stopwatch
...stripped...
$ snap connections xnote-stopwatch | grep home
home xnote-stopwatch:home - -