Dear David,
As a user I would like to have a repo with the following characteristics:
* Guarantee that apps do not break my device by installing incompatible
versions of libraries.
* App Ratings, and download numbers, and ability to sort the list of apps based
on these.
* App comments
* Easy search functionality, categories.
* A clear statement that applications that “snoop on the user” are not welcome,
except for sending statistics back to the repo itself.
* If possible, a guarantee that the application has been audited to not “phone
home”. One possible option would be that applications that use the internet
could voluntarily have a “whitelist” of sites that it will connect to. That
will make me trust the application more!
As a developer, I would like to have a repro with the following characteristics
* Clear guidelines that show what is allowed, and how to package the apps.
* Example projects that are “ready out of the box”.
* Automated checks that I can run before I upload the package, so that most
errors are caught before upload.
* Clear, timely feedback if my application is not compliant
* An analytics library that I can use in my application, that would send usage
statistics to the repo. All other “snooping” on the user would be disallowed.
* Statistics about downloads, analytics, etc
Regards,
Erlend
On 05.02.2014, at 16:00, David Greaves da...@dgreaves.com wrote:
On 04/02/14 07:40, Thomas B. Rücker wrote:
My question has been lingering for a while. (
https://together.jolla.com/question/13605/visible-open-source-app-community-supported-by-jolla/
)
But during FOSDEM we had a Sailfish/Jolla Community Round-Table (
https://together.jolla.com/question/11303/are-you-going-to-fosdem-2014-irl-floss-meeting-in-belgium/?answer=13864#post-id-13864
). This topic was brought up and seems Sailors are committed to address
this with pushing forward towards a clean open source app repository
with community QA and easy on-device access after enabling developer mode.
That's my personal goal, yes.
For those who don't know, I run the infra and OBS for Mer - I used to run the
community OBS and other infra for MeeGo too. I am a sailor - but today I'm
mailing as a community guy.
I setup Chum as a place to build Jolla apps on an OBS. It just works. There is
no fancy storefront or BOSS integration. We need that.
I'd like to see some public docs on the Chum rules and governance so that we
can
reasonably expect Jolla to trust us to do a professional job. I know that they
worry about reputation and customer experience. So do I.
I don't think we need full automation of the checks yet - but I do think we
can
clearly state the boundaries: open source only; auditability; community QA...
I'd like to see what our target is from a user perspective ... eg how do we
make
sure users can upgrade their devices. It's a technically difficult problem. We
may well need to ask Jolla for hooks into SailfishOS ... but luckily we may
also
be able to write those hooks in Mer/Nemo and have Jolla just get them.
I also recall that community QA was not terribly effective - I think this
needs
adressing.
I used Chum as the repo title (it's the bloody fish guts you use to attract
sharks!) - I'm not sure it's a good name but there are plenty of attacks :)
This would provide something like Maemo Extras and would be community
QA'd to ensure the apps don't pose major problems when installed. On the
other hand it would provide an easy middle ground for apps that don't
fit into harbour for various reasons (API calls, dependencies, etc.).
Yes - I'd like to explore how we can add one or more library areas to devices
for sets of shared libraries. Eg I use bullet physics engine in my 3D Dice
game
- I don't want to have to ship it. But how do we cope when bullet v3 comes
out?
It will be backed by an OBS project on Mer community OBS, which has
Sailfish targets. OBS has come a very long way since we've seen it
first. I've personally had several apps build out of the box by just
_clicking_:
* create package
* source provision through tar_git
If the app builds on a clean SDK, then it's highly likely to build out
of the box also on OBS.
Good. We need more docs though.
You may now say what about openrepos?. They have chosen to be a site
for one-click RPM hosting repositories with no QA. Despite their best
efforts this approach has led to significant problems. Also it does
binary only uploads and thus non-free/closed applications and no
traceable chain from source to binary.
That said, if the openrepos client (warehouse) passes community QA it
will for sure be included in the community repository. Thus allowing
users to install it easily, if they so wish. We're not hostile towards
it, it just doesn't offer the level of trust to be a viable avenue for a
default community repository.
I don't mind openrepos - there are plenty of places where users can go on the