A UX question about requiring users to pass in --classic

Tyler Hicks tyhicks at canonical.com
Fri Jan 27 20:37:16 UTC 2017


On 01/27/2017 01:32 PM, Jamie Strandboge wrote:
> On Fri, 2017-01-27 at 17:40 +0000, Adam Stokes wrote:
>> Since releasing the conjure-up snap I have gotten a few questions as to why
>> we have to pass in --classic when the snapcraft.yaml defines the
>> confinement mode already.
>>
>> I understand that this is similar to if a user was to snap install a snap
>> that was strictly devmode. We do want to make the user aware of what they are
>> installing and any possible caveats that go along with that. Forcing the
>> use of --classic and --devmode makes sense in the overall picture, however,
>> cosmetically and user happiness (I guess?) this just seems like a _lot_ of
>> typing.
>>
>> So I'm not arguing the use of --classic or --devmode but what if we take
>> another approach and treat both --classic and --devmode as a 'force/yes' in
>> the apt world and provide a simple Y/n prompt asking the user if they are
>> sure they wish to install said snap because of its current confinement
>> mode?
>>
>> I'd much rather advertise running:
>>
>> $ snap install conjure-up
>>
>> And the experience be:
>>
>> Fetching info..checking confinement mode..
>> This is a classic snap, are you sure you wish to continue? [Y/n]
>> conjure-up installed
>>
> AIUI (please correct me) the reason why we have --classic and --devmode is very
> intentional so that the user has to type and think about what is happening since
> this is allowing the publisher access to everything on your system. The example
> text in the prompt you provide doesn't convey this and I worry that what many
> people will see (regardless of phrasing) is:
> 
> $ snap install foo
> blah blah..checking blah blah..
> Do you want me to install what you just told me to install? [Y/n] y
> foo installed

You're correct.

Not only will it become click-through security but it'll also make it
more appealing to simply not care about achieving proper confinement
with your snap. I'm more worried about --devmode in that regard but it
is also something to consider for --classic.

Tyler

