<div dir="ltr">Okay, agreed on all points.<div><br></div><div>The near-to-medium term plan is to have snaps able to request access to particular interfaces on demand.</div><div><br></div><div>We have a good pipeline to implement this already. We just need to connect the dots.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 21, 2017 at 2:12 PM, Jamie Strandboge <span dir="ltr"><<a href="mailto:jamie@canonical.com" target="_blank">jamie@canonical.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Tue, 2017-02-21 at 13:23 -0300, Gustavo Niemeyer wrote:<br> > Actually, we do have a mechanism that enables the automatic connections in<br> > those cases, and we can enable it in sensible cases, even for the camera.<br> ><br> > The question we should ask here is this: what is the snap purpose? Is it<br> > clear from the snap name and description that this is using a camera?<br> ><br> > If the answer yes, then I think it's fine to auto-connect.<br> ><br> > In this particular case, the snap name is called "webcam-webui". IMO, it'd<br> > be fine to auto-connect it. Jamie?<br> ><br> <br> </span>In general, I agree with what you described for special cases where it is<br> obvious what the snap is and its functionality can be deduced. Personally, I<br> think that where it is obvious should be the snap name, not the description,<br> because people tend to only see the snap name and the description can change at<br> a later date to not meet our review criteria.<br> <br> While the bug refers to 'webcam-webui', I spoke with the 'Dev Dev' on irc and<br> the snap in question is actually 'Bayam' and the description in the store is<br> "Bayam, jeux, découvertes et activités pour enfants" which google translate<br> tells me is "Bayam, games, discoveries and activities for children". Nothing in<br> that would give me the expectation that the snap would have access to the<br> camera. I then explained how interfaces work and why and did not grant the snap<br> declaration. I then advised the conversation should be taken here in part to ask<br> "What are the plans for making snap connections easier for cli, snapweb and<br> gnome-software installs and what is the timeline of that work?"<br> <div class="HOEnZb"><div class="h5"><br> > On Tue, Feb 21, 2017 at 1:15 PM, Oliver Grawert <<a href="mailto:ogra@ubuntu.com">ogra@ubuntu.com</a>> wrote:<br> ><br> > ><br> > > hi,<br> > > Am Dienstag, den 21.02.2017, 11:03 -0500 schrieb Dev Dev:<br> > > ><br> > > > Hi,<br> > > ><br> > > > Anyone can give me more information (ETA, how it will works) about<br> > > > the<br> > > > connection to camera. Right now, I need to ask my users who installed<br> > > > myapp via the Software Center to open a terminal and run:<br> > > > sudo snap connect myapp:camera<br> > > ><br> > > > It needs to be automagically connected.<br> > > if that was the case, what would keep me from creating "myapp-so-much-<br> > > more-shiny" that then quietly and constantly streams the camera pic to<br> > > some website without the user knowing ? (and also since i used the<br> > > myapp name in my snap your company might even get the blame for the<br> > > spying as well as the bad press around it)<br> > ><br> > > the manual connection of some risky interfaces is exactly what keeps<br> > > the users safe from bad stuff happening, we would not need interfaces<br> > > if we connected all of them automatically.<br> > ><br> > > i agree that having a more interactive way is the way to go here ...<br> > > i.e. if you install a gui app it should ask for the connection on first<br> > > access (and only on first) ... or when installing from cmdline it might<br> > > offer the connection at install time, but such potentially security<br> > > critical interfaces should really not auto-connect.<br> > ><br> > > ciao<br> > > oli<br> > > --<br> > > Snapcraft mailing list<br> > > <a href="mailto:Snapcraft@lists.snapcraft.io">Snapcraft@lists.snapcraft.io</a><br> > > Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/" rel="noreferrer" target="_blank">https://lists.ubuntu.com/</a><br> > > mailman/listinfo/snapcraft<br> > ><br> > ><br> ><br> > -- <br> > Snapcraft mailing list<br> > <a href="mailto:Snapcraft@lists.snapcraft.io">Snapcraft@lists.snapcraft.io</a><br> > Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/s" rel="noreferrer" target="_blank">https://lists.ubuntu.com/<wbr>mailman/listinfo/s</a><br> > napcraft<br> --<br> </div></div><span class="HOEnZb"><font color="#888888">Jamie Strandboge | <a href="http://www.canonical.com" rel="noreferrer" target="_blank">http://www.canonical.com</a><br> <br> </font></span><br>--<br> Snapcraft mailing list<br> <a href="mailto:Snapcraft@lists.snapcraft.io">Snapcraft@lists.snapcraft.io</a><br> Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/snapcraft" rel="noreferrer" target="_blank">https://lists.ubuntu.com/<wbr>mailman/listinfo/snapcraft</a><br> <br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><br>gustavo @ <a href="http://niemeyer.net" target="_blank">http://niemeyer.net</a></div> </div>