Personally I think that, as there is a trivial but essential integration step a distribution needs to do for
man to find the snap manpages, and as mandb’s security track record is rather good, and there’s a reasonably easy way of a user looking at a manpage if the integration step has not been taken, there isn’t a need to add anything further to snapd beyond the work needed to expose the manpages in a single location.
Concretely, and as a strawman, snapd can start exposing manpages in
/var/lib/snapd/man/. In Ubuntu and other places that carry the patch (or that consider it unnecessary),
/etc/manpath.config would be updated to search there; in a distro that doesn’t do the integration work, a user can
$MANPATH in their
MANDATORY_MANPATH /var/lib/snapd/man/ to their
~/.manpath — this one might be simpler to communicate.
- load the man pages by hand via
For people that are looking for manpages, are using snaps, and are using a distro that hasn’t done the integration work, telling them “drop this
.manpath in your home” seems fine to me.
Remember this extra hardening is upstream, so other distros will get it eventually (although I assume it’s compile-time optional), and mandb’s security record is such that even without it we’re probably ok.
To put it another way: distros that aren’t going to be picking up the hardening work are probably devmode already…