Dear David,

As a user I would like to have a repo with the following characteristics:

* Guarantee that apps do not break my device by installing incompatible versions of libraries.
* App Ratings, and download numbers, and ability to sort the list of apps based on these.
* App comments
* Easy search functionality, categories.
* A clear statement that applications that “snoop on the user” are not welcome, except for sending statistics back to the repo itself.
* If possible, a guarantee that the application has been audited to not “phone home”. One possible option would be that applications that use the internet could voluntarily have a “whitelist” of sites that it will connect to. That will make me trust the application more!

As a developer, I would like to have a repo with the following characteristics:

* Clear guidelines that show what is allowed, and how to package the apps.
* Example projects that are “ready out of the box”.
* Automated checks that I can run before I upload the package, so that most errors are caught before upload.
* Clear, timely feedback if my application is not compliant
* An analytics library that I can use in my application, that would send usage statistics to the repo. All other “snooping” on the user would be disallowed.
* Statistics about downloads, analytics, etc

Regards,
Erlend

On 05.02.2014, at 16:00, David Greaves <da...@dgreaves.com> wrote:

> On 04/02/14 07:40, "Thomas B. Rücker" wrote:
>> My question has been lingering for a while. (
>> https://together.jolla.com/question/13605/visible-open-source-app-community-supported-by-jolla/
>> )
>>
>> But during FOSDEM we had a Sailfish/Jolla Community Round-Table (
>> https://together.jolla.com/question/11303/are-you-going-to-fosdem-2014-irl-floss-meeting-in-belgium/?answer=13864#post-id-13864
>> ). This topic was brought up and seems Sailors are committed to address
>> this with pushing forward towards a clean open source app repository
>> with community QA and easy on-device access after enabling developer mode.
>
> That's my personal goal, yes.
>
> For those who don't know, I run the infra and OBS for Mer - I used to run
> the community OBS and other infra for MeeGo too. I am a sailor - but today
> I'm mailing as a community guy.
>
> I set up Chum as a place to build Jolla apps on an OBS. It just works.
> There is no fancy storefront or BOSS integration. We need that.
>
> I'd like to see some public docs on the Chum rules and governance so that
> we can reasonably expect Jolla to trust us to do a professional job. I know
> that they worry about reputation and customer experience. So do I.
>
> I don't think we need full automation of the checks yet - but I do think
> we can clearly state the boundaries: open source only; auditability;
> community QA...
>
> I'd like to see what our target is from a user perspective ... eg how do
> we make sure users can upgrade their devices. It's a technically difficult
> problem. We may well need to ask Jolla for hooks into SailfishOS ... but
> luckily we may also be able to write those hooks in Mer/Nemo and have Jolla
> just get them.
>
> I also recall that community QA was not terribly effective - I think this
> needs addressing.
>
> I used "Chum" as the repo title (it's the bloody fish guts you use to
> attract sharks!) - I'm not sure it's a good name but there are plenty of
> attacks :)
>
>> This would provide something like Maemo Extras and would be community
>> QA'd to ensure the apps don't pose major problems when installed. On the
>> other hand it would provide an easy middle ground for apps that don't
>> fit into harbour for various reasons (API calls, dependencies, etc.).
>
> Yes - I'd like to explore how we can add one or more library areas to
> devices for sets of shared libraries. Eg I use bullet physics engine in my
> 3D Dice game - I don't want to have to ship it. But how do we cope when
> bullet v3 comes out?
>
>> It will be backed by an OBS project on Mer community OBS, which has
>> Sailfish targets. OBS has come a very long way since we've seen it
>> first. I've personally had several apps build out of the box by just
>> _clicking_:
>> * create package
>> * source provision through tar_git
>> If the app builds on a clean SDK, then it's highly likely to build out
>> of the box also on OBS.
>
> Good. We need more docs though.
>
>> You may now say "what about openrepos?". They have chosen to be a site
>> for one-click RPM hosting repositories with no QA. Despite their best
>> efforts this approach has led to significant problems.
>> Also it does binary only uploads and thus non-free/closed applications
>> and no traceable chain from source to binary.
>> That said, if the openrepos client (warehouse) passes community QA it
>> will for sure be included in the community repository. Thus allowing
>> users to install it easily, if they so wish. We're not hostile towards
>> it, it just doesn't offer the level of trust to be a viable avenue for a
>> default community repository.
>
> I don't mind openrepos - there are plenty of places where users can go on
> the internet that expose them to greater or lesser degrees of risk. It's
> their choice. I would choose to be more restrictive than openrepos on
> what's allowed into the community store. I also think we have a slightly
> different focus - openrepos is literally a free-for-all. I hope Chum (or
> whatever) will have more of a "reliable quality for the user" goal.
>
> If/when warehouse gets onto community store I would like to be clear about
> what it provides as there would be a sense of it meeting the user's
> expectation of quality/safety.
>
>> This is a PERSONAL summary of MY recollection of the FOSDEM discussion
>> on this topic. I hope that Jolla will now finally back this up and we
>> will see Sailors working towards this.
>
> Still community hat! I am of the opinion that Jolla do a lot for the
> community simply in how they operate. I think much of this is our job. We
> need to clearly ask for things and justify why they should be granted.
>
> Eg I think we should ask for a similar role as maemo extras - but we need
> to justify why we can be trusted to essentially grant root privileges to
> any app developer on any user's Jolla device.
>
> As for sailors working on this - I think we may like Jolla to grant them
> some company time to respond to these feature requests - but mainly how
> much time they spend on community things is down to them.
> Some sailors love openrepos approach; some love Mer OBS/Chum approach :)
>
>> For those who already want to get started, there is a SailfishOS target
>> on OBS and a community repository called "Chum" where applications will
>> be visible in the future.
>> https://build.merproject.org/project/subprojects?project=sailfishos
>
> Yep - I'll add 1.0.3.8 today too.
>
> David
>
> --
> "Don't worry, you'll be fine; I saw it work in a cartoon once..."
>
> _______________________________________________
> SailfishOS.org Devel mailing list