On 01/27/2017 01:32 PM, Jamie Strandboge wrote: > On Fri, 2017-01-27 at 17:40 +0000, Adam Stokes wrote: >> Since releasing the conjure-up snap I have gotten a few questions as to why >> we have to pass in --classic when the snapcraft.yaml defines the >> confinement mode already. >> >> I understand that this is similar to if a user was to snap install a snap >> that was strictly devmode. We do want make the user aware of what they are >> installing and any possible caveats that go along with that. Forcing the >> use of --classic and --devmode make sense in the overall picture, however, >> cosmetically and user happiness (i guess?) this just seems like a _lot_ of >> typing. >> >> So I'm not arguing the use of --classic or --devmode but what if we take >> another approach and treat both --classic and --devmode as a 'force/yes' in >> the apt world and provide a simple Y/n prompt asking the user if they are >> sure they wish to install said snap because of it's current confinement >> mode? >> >> I much rather advertise running: >> >> $ snap install conjure-up >> >> And the experience be: >> >> Fetching info..checking confinement mode.. >> This is a classic snap, are you sure you wish to continue? [Y/n] >> conjure-up installed >> > AIUI (please correct me) the reason why we have --classic and --devmode is > very > intentional so that the user has to type and think about what is happening > since > this is allowing the publisher access to everything on your system. The > example > text in the prompt you provide doesn't convey this and I worry that what many > people will see (regardless of phrasing) is: > > $ snap install foo > blah blah..checking blah blah.. > Do you want me to install what you just told me to install? [Y/n] y > foo installed
You're correct. Not only will it become click-through security but it'll also make it more appealing to simply not care about achieving proper confinement with your snap. I'm more worried about --devmode in that regard but it is also something to consider for --classic. Tyler
signature.asc
Description: OpenPGP digital signature
-- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
