Hub: This application is unconfined. It can access all personal files and system resources.

Created on 29 Oct 2019 · 9 Comments · Source: github/hub

Hi there! 👋

I was going to give Hub a try on Ubuntu, and rather than play the sudo mv and sudo tar zxf game, I'd see if it was available via the Ubuntu software centre.

It is! But there's a bit of a scary warning on there too.

Is this developer associated with this project at all?

Thanks.

more-info-needed

All 9 comments

See https://github.com/github/hub/pull/1968#issuecomment-463644545 /cc @felicianotech

I think the notice is in order. If this snap could be made more "secure" or trustworthy, then we're open for suggestions. But since hub is a wrapper for git, and thus needs to always be able to access files in the current directory, I'm not sure if we can "contain" it.

Thanks @mislav I thought that this may be the case, but the scary warning!

Make it stop! :joy:

Thanks for the Snap package @felicianotech

Going to close this since there's nothing actionable stemming from this item that we can do right now. Thanks for raising the issue!

Hey.

I see that this Issue is closed but I do want to provide some context for anyone who sees this in the future.

Canonical, the commercial entity behind Ubuntu, decided to mix snaps and traditional apt packages in the software center. The normal Snapcraft Store has slightly more information.

A classic confined snap (which is what the hub snap is) doesn't contain any of the security protections that a normal snap will have. While this may sound scary, this puts the security of classic snaps at more or less the same level as any .deb or apt package. It's just that strictly confined snaps have above average security (which is a great feature of snaps).

Due to this distinction, in order to publish the hub snap as a classic snap, I did have to go through a manual request process which you can find here. The reasoning for why the hub snap needed to be classic is in that thread.

The code for the snap is 99.9% the code from this repository. It's just the snapcraft.yml file, the CI process, readme, and Snap Store listing that I maintain. The repo for which can be found here.

I hope this makes things a little bit clearer.
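
Added example, not part of the original thread: a shell function that reads `snap list` output and reports snaps running under classic or devmode confinement, along with whether the publisher carries the store's verified badge. The six-column layout, the badge characters and the sample rows are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report installed snaps that are not strictly confined.
# Input (stdin): output of `snap list`, assumed to have the columns
#   Name Version Rev Tracking Publisher Notes
# Output: one line per match: "name publisher notes verified|unverified"

audit_snaps() {
  awk '
    NR == 1 { next }                      # skip the header row
    {
      name = $1; publisher = $5; notes = $6
      # Notes is a comma-separated list; classic and devmode snaps
      # run without the strict sandbox.
      if (notes !~ /(^|,)(classic|devmode)(,|$)/) next
      # Assumption: a trailing check mark (or ** in ASCII mode)
      # marks a publisher the store has verified.
      verified = (publisher ~ /(✓|\*\*)$/) ? "verified" : "unverified"
      sub(/(✓|✪|\*+)$/, "", publisher)    # strip the badge for display
      print name, publisher, notes, verified
    }'
}

# Constructed sample input (names, versions and publishers are made up).
SAMPLE='Name         Version   Rev   Tracking       Publisher      Notes
core18       20200124  1668  latest/stable  canonical✓     base
hub          0.0.1     60    latest/stable  community-dev  classic
example-ide  1.0       20    latest/stable  examplecorp✓   classic
lxd          3.0       100   latest/stable  canonical✓     -'

# On a real system: snap list | audit_snaps
printf '%s\n' "$SAMPLE" | audit_snaps
```

A classic snap from an unverified publisher is the case the original question was about: the package has full access, so the remaining control is knowing who publishes it.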

@felicianotech Thank you for the explanation! And of course for maintaining the snap.

If I wanted to automatically publish the hub snap as part of our release process, would you be open to:

  1. Me adopting the setup from felicianotech/hub-snap into this repository;
  2. You surrendering to us the authorship of the "hub" snap store listing?

As snaps become more widely used, I'm considering them to be the "official" hub releases for Ubuntu, and in any official release process in general I prefer to remove the influence of 3rd parties.

> Canonical, the commercial entity behind Ubuntu, decided to mix snaps and traditional apt packages in the software center. The normal Snapcraft Store has slightly more information.

Thanks @felicianotech :pray:

I went ahead and installed via Snapcraft:

sudo snap install hub --classic

:+1:

@mislav This was brought up before in another Issue or PR I think.

> I'm okay with handing over the hub Snap Store namespace to this project as long as someone doesn't change their mind in 3 months and then decides to kill off the snap completely. I've seen that with other projects which then leaves all the snap users screwed.

If you're willing to support it for an extended period of time, then sure let's do this. The Snapcraft Team has a manual approval process for transitioning the namespace of a snap. If I'm not mistaken, you'd need to:

  1. Create an account over at https://forum.snapcraft.io. You can then let me know your username here or send a PM on the forum to FelicianoTech, and let me know here that you've done so.

  2. Create an "Ubuntu One" account over at https://snapcraft.io/. This is the account that the snap itself will be owned by.

Once these two things are done, I can open a request post on the forum to start the process of getting this transferred.

> I'm okay with handing over the hub Snap Store namespace to this project as long as someone doesn't change their mind in 3 months and then decides to kill off the snap completely. I've seen that with other projects which then leaves all the snap users screwed.

For sure, I understand your concern. The only way that I would implement this would be long-term, as part of release automation for hub. I'm still sorting out my thoughts and ideas for this, but when I find the time to revamp our release process and integrate this into it, I appreciate these pointers and I will reach out to you over the forum.

Sounds good to me. Thanks for maintaining hub @mislav.
