[SailfishDevel] Repository Wishlist

Erlend Böe erlendboe at yahoo.com
Thu Feb 6 07:58:34 UTC 2014


Dear David,

As a user I would like to have a repo with the following characteristics:
* Guarantee that apps do not break my device by installing incompatible versions of libraries.
* App Ratings, and download numbers, and ability to sort the list of apps based on these.
* App comments
* Easy search functionality, categories.
* A clear statement that applications that “snoop on the user” are not welcome, except for sending statistics back to the repo itself.
* If possible, a guarantee that the application has been audited to not “phone home”. One possible option would be that applications that use the internet could voluntarily have a “whitelist” of sites that it will connect to. That will make me trust the application more!


As a developer, I would like to have a repro with the following characteristics
* Clear guidelines that show what is allowed, and how to package the apps.
* Example projects that are “ready out of the box”.
* Automated checks that I can run before I upload the package, so that most errors are caught before upload.
* Clear, timely feedback if my application is not compliant
* An analytics library that I can use in my application, that would send usage statistics to the repo.  All other “snooping” on the user would be disallowed.
* Statistics about downloads, analytics, etc

Regards,
Erlend

On 05.02.2014, at 16:00, David Greaves <david at dgreaves.com> wrote:

> On 04/02/14 07:40, "Thomas B. Rücker" wrote:
>> My question has been lingering for a while. (
>> https://together.jolla.com/question/13605/visible-open-source-app-community-supported-by-jolla/
>> )
>> 
>> But during FOSDEM we had a Sailfish/Jolla Community Round-Table (
>> https://together.jolla.com/question/11303/are-you-going-to-fosdem-2014-irl-floss-meeting-in-belgium/?answer=13864#post-id-13864
>> ). This topic was brought up and seems Sailors are committed to address
>> this with pushing forward towards a clean open source app repository
>> with community QA and easy on-device access after enabling developer mode.
> 
> That's my personal goal, yes.
> 
> For those who don't know, I run the infra and OBS for Mer - I used to run the
> community OBS and other infra for MeeGo too. I am a sailor - but today I'm
> mailing as a community guy.
> 
> I setup Chum as a place to build Jolla apps on an OBS. It just works. There is
> no fancy storefront or BOSS integration. We need that.
> 
> I'd like to see some public docs on the Chum rules and governance so that we can
> reasonably expect Jolla to trust us to do a professional job. I know that they
> worry about reputation and customer experience. So do I.
> 
> I don't think we need full automation of the checks yet - but I do think we can
> clearly state the boundaries: open source only; auditability; community QA...
> 
> I'd like to see what our target is from a user perspective ... eg how do we make
> sure users can upgrade their devices. It's a technically difficult problem. We
> may well need to ask Jolla for hooks into SailfishOS ... but luckily we may also
> be able to write those hooks in Mer/Nemo and have Jolla just get them.
> 
> I also recall that community QA was not terribly effective - I think this needs
> adressing.
> 
> I used "Chum" as the repo title (it's the bloody fish guts you use to attract
> sharks!) - I'm not sure it's a good name but there are plenty of attacks :)
> 
>> This would provide something like Maemo Extras and would be community
>> QA'd to ensure the apps don't pose major problems when installed. On the
>> other hand it would provide an easy middle ground for apps that don't
>> fit into harbour for various reasons (API calls, dependencies, etc.).
> 
> Yes - I'd like to explore how we can add one or more library areas to devices
> for sets of shared libraries. Eg I use bullet physics engine in my 3D Dice game
> - I don't want to have to ship it. But how do we cope when bullet v3 comes out?
> 
>> It will be backed by an OBS project on Mer community OBS, which has
>> Sailfish targets. OBS has come a very long way since we've seen it
>> first. I've personally had several apps build out of the box by just
>> _clicking_:
>> * create package
>> * source provision through tar_git
>> If the app builds on a clean SDK, then it's highly likely to build out
>> of the box also on OBS.
> 
> Good. We need more docs though.
> 
>> You may now say "what about openrepos?". They have chosen to be a site
>> for one-click RPM hosting repositories with no QA. Despite their best
>> efforts this approach has led to significant problems. Also it does
>> binary only uploads and thus non-free/closed applications and no
>> traceable chain from source to binary.
>> That said, if the openrepos client (warehouse) passes community QA it
>> will for sure be included in the community repository. Thus allowing
>> users to install it easily, if they so wish. We're not hostile towards
>> it, it just doesn't offer the level of trust to be a viable avenue for a
>> default community repository.
> 
> I don't mind openrepos - there are plenty of places where users can go on the
> internet that expose them to greater or lesser degrees of risk. It's their
> choice. I would choose to be more restrictive than openrepos on what's allowed
> into the community store. I also think we have a slighly different focus -
> openrepos is literally a free-for-all. I hope Chum (or whatever) will have more
> of a "reliable quality for the user" goal.
> 
> If/when warehouse gets onto community store I would like to be clear about what
> it provides as there would be a sense of it meeting the users expectation of
> quality/safety.
> 
>> This is a PERSONAL summary of MY recollection of the FOSDEM discussion
>> on this topic. I hope that Jolla will now finally back this up and we
>> will see Sailors working towards this.
> 
> Still community hat! I am of the opinion that Jolla do a lot for the community
> simply in how they operate. I think much of this is our job. We need to clearly
> ask for things and justify why they should be granted.
> 
> Eg I think we should ask for a similar role as maemo extras - but we need to
> justify why we can be trusted to essentially grant root privileges to any app
> developer on any users jolla device.
> 
> As for sailors working on this - I think we may like Jolla to grant them some
> company time to respond to these feature requests - but mainly how much time
> they spend on community things is down to them. Some sailors love openrepos
> approach; some love Mer OBS/Chum approach :)
> 
>> For those who already want to get started, there is a SailfishOS target
>> on OBS and a community repository called "Chum" where applications will
>> be visible in the future.
>> https://build.merproject.org/project/subprojects?project=sailfishos
> 
> Yep - I'll add 1.0.3.8 today too.
> 
> David
> 
> -- 
> "Don't worry, you'll be fine; I saw it work in a cartoon once..."
> 
> _______________________________________________
> SailfishOS.org Devel mailing list



More information about the Devel mailing list