Hi all,

I just returned from the recent GNOME Developer Experience Hackfest in Cambridge, UK. We discussed xdg-app a fair bit, particularly in terms of the overall user experience it could provide. I've copied my (incomplete) notes below, for those who might be interested.

Allan

---

Direct download vs centralised repositories
-------------------------------------------

Being able to download apps direct from their authors is desirable, both in enabling control by application authors, and specialist in-house applications. At the same time:

* There are security/trust issues with downloading apps from the web, and this can be a particular issue in the Free Software world.
* There are also obvious UX advantages to app stores, in enabling users to easily discover applications, see ratings, etc.
* It therefore seems desirable to adopt a two-pronged strategy, where direct downloads coexist with centralised repositories that are hosted by runtime author/maintainers.
* Ideally, application submissions to an application repository would be vetted and reviewed. This would guarantee a certain level of quality and trustworthiness, and enhance the brand and reputation of the platform. Resources and maintenance are an obvious issue with this.

Preventing malicious apps
-------------------------

Where possible, application distribution needs to be designed in order to prevent malicious applications entering the ecosystem, and provide protections against them for users.

One possibility - certificates could be issued for authors wanting to release xdg applications. These would then be used to sign applications, and unsigned apps could then be flagged as untrusted.

Software could allow users to report malicious applications (this could be integrated into Software), and certificates could be revoked as necessary. A corresponding process might be required for applications that have unintentional security issues.

Application sandboxing v bundling
---------------------------------

* Sandboxing on its own may not have direct (or obvious) benefits for application authors.
* If sandboxing is optional, there is a danger that its value will be undermined.
* The architecture of xdg-app has implications for the design of application sandboxing.

Therefore, it might be premature to introduce bundling before sandboxing has matured, and there might be value in linking xdg-app and sandboxing, so that xdg-app is introduced with mandatory sandboxing. At the very least, careful thought needs to be given to the implications of xdg-app for sandboxing, before the former is released into the wild.

Runtimes
--------

* GNOME will need to provide guarantees about API/ABI stability for each runtime version.
* Infrastructure to continuously check for API/ABI breakage in the runtime is desirable.
* Software will need to inform users when apps depend on an old runtime that has known security bugs. There might well need to be a way for users to disable/uninstall these apps.
* Vendors will likely need to modify/adapt runtimes to work with the OS. Therefore, there might need to be tooling/specifications with which it is possible to check (or certify) that an OS conforms to the upstream runtime definition.

Miscellaneous questions and topics
----------------------------------

* How to handle codecs?
* There will need to be support for other operating system add-ons (fonts, dictionaries, input method engines, keyboard layouts, etc).
* Should Builder be able to download and install runtimes?
