we are setting up a Brand Store for our production environemnt.
We need to understand better the workflow explained 1.
In particular we are able to create a snap declasration with create-snap-declaration.py but we are not able to update the snap declaration for the snap.
What is the way to accomplish this? we read 2 and there it said that
“Then paste the output into the reviewer form.”
but we don’t find anything for accomplish this.
Are we wrong about something?
navigate to your snap in the store. Eg https://dashboard.snapcraft.io/dev/snaps/<YOUR SNAP'S STORE ID>/
On the left, click ‘Overview’
If you are a reviewer for your store, in the middle of the page you will see ‘Review capabilities’ that will show any snap declarations you have currently applied. To modify them, click the ‘Review capabilities’ link
Scroll down and you will find text areas for Plugs, Slots, Aliases (v2), Aliases and refresh-control
paste the json from the tool into the appropriate text area
@noise, @natalia, @ratliff , @tyhicks - I see https://docs.ubuntu.com/core/en/build-store/reviewer-tools has been written and it talks about brand owners using create-snap-declaration.py. This tool is not implemented for widespread use and it has a lot of limitations. While it works fine for the simplest of snap declarations, it breaks down quickly. Also, snap declarations are a delicate proposition and it is easy to give away too many permissions and there is no documentation discussing that. AIUI, it was always part of the brand proposition that Canonical would assist with snap declarations. If we are telling people just to use the tool, work needs to be prioritized to make it better and to document its use.
These tools are used by the reviewer team only. Nobody outside of that team should be able to update such snap-declarations to the store directly, even within branded stores, due to the many interactions which will exist across publishers. The usual way to update the declarations is by requesting the changes here in the #store category.
My personal understanding was that because brand stores and their content may be private, brand stores work with store reviewers (eg, the Canonical contact for the brand store) to define appropriate snap declarations and that those store reviewers would escalate to the security team as needed (ie, brand stores would not use the forum because they should be able to control their brand, but they need to work with reviewers to guide them and make sure the snap declarations make sense).
It seems that the documentation says one thing, I have a different understanding and @niemeyer another. We need to get in alignment, those pages rewritten, the store updated, etc, etc.
My understanding is the same as yours Jamie. I’d still prefer to default to the forum (that’s the subtle “usual” in the sentence above), but if there’s some need of privacy we can set up a closed area for those conversations, as long as they’re not about publicly available snaps.
I’m in general agreement about still having declaration changes requested in the forum and follow the normal flow. We should get the docs updated and discuss internally the mechanism for private snaps.
In that light, @NCuralli would you like to make the request for the declaration publicly here or through internal contacts? If the former, feel free to use the process outlined in https://forum.snapcraft.io/t/process-for-reviewing-aliases-and-auto-connections (that is intentionally only for aliases and auto-connections, not installation or connection constraints, but we can follow that process for now to understand any procedural differences we might need to account for).
As Bret said we should have a separated conversation to fully define our policies, I understand this conversation already started between Gustavo and him, so until then requesting the changes in the forum feels like the best approach.