Comment 2 for bug 1612005

Colin Watson (cjwatson) wrote : Re: nodejs and gulp plugins download packages during the build

We're quite reluctant to do this because it basically opens the floodgates to having all snaps be able to download anything whenever they like. I understand that this would have some usability benefits, but it imposes a strong requirement on us to do much more monitoring of our build farm than we currently have the capacity to do. Anyone at all can ask Launchpad to build a snap for them, and that means that anyone can cause the Launchpad build farm to issue fairly arbitrary web requests: what happens if somebody uses us to execute a denial of service attack against some other service? What if that causes that service to blacklist us, affecting anyone else who wants to use the Launchpad build farm to perform legitimate snap builds?

The benefit of doing things in the pull phase is that it can be (at least almost entirely) declarative, rather than giving people largely-unrestricted access to issue more or less whatever requests they like through our proxy.

As such, we'd push back quite hard against a proposal to open this up to the build phase. Please consider doing this in pull instead.