Comment 2 for bug 1730255

Jamie Strandboge (jdstrand) wrote :

I discussed this with the security team and mvo and we decided that this will be assigned 'low' priority in terms of the CVE, but that the fix should be in 2.29. Because it is 'low' priority, we can forego embargo and let the snapd team work and discuss this issue in public as they see fit.

It does mean that the 2.29 SRU will need to be built in the security ppa and get a USN. The timing can still be controlled by the SRU process though. E.g., give me the source package, I sponsor it into the security ppa, when built, we copy it to -proposed to undergo normal validation, when validated, it goes to both -updates and -security, when to -security, we issue the USN.