| dob1 | it's not clear to who verify snap packages, because for ubuntu deb ones there is the debian/ubuntu teams, but for snap ones? everyone can submit a snap package to snap store? | 09:41 |
|---|---|---|
| dob1 | *clear to me | 09:41 |
| dob1 | it's a trusted souce like the deb packages ? | 09:43 |
| dob1 | *source | 09:43 |
| ogra_ | dob1, snaps are generally fully confined and can not access anythig on the host without using pre-defined snap interfaces ... on upload there are automatic checks which interfaces a snap defines... | 12:22 |
| dob1 | ogra_, my question was different | 12:22 |
| ogra_ | dob1, while non-dangerous interfaces are typically allowed (desktop apps being able to output on display etc), any of the dangerous interfaces trigger a manual review of the security team | 12:23 |
| dob1 | ogra_, that is an ubuntu teams ? | 12:24 |
| ogra_ | so there *is* the same level (i'd say even a higher one) of review a deb gets (for a deb reviews only happen on first upload, later revisions are based on the trust towards the uploader) | 12:24 |
| ogra_ | for snaps each single upload is auto-checked ... if a snap changes its security policies, that upload will trigger a new review | 12:25 |
| ogra_ | it is the reviewers team on the forum (see topic) ... and all reviews are publically discussed before an exception is granted ... (see the "store-request" category on the forum) | 12:26 |
| dob1 | ogra_, thanks for the info | 12:37 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!