Serious concerns about ARB policy (was Re: Basenji)

Elliot Murphy elliot at canonical.com
Sat Oct 2 19:10:37 BST 2010 

In which the author argues in defense of insane hack jobs...

On Oct 2, 2010, at 1:21 PM, Shane Fagan <shanepatrickfagan at ubuntu.com> wrote:
>> 
>> 
>>> 
>>> 
>> 
>> 
>> 
>>> 
>>> 
>> 
> The problem here is a few things. 1. we have to guarantee that the app
> is appropriately licensed before the app is put anywhere near a repo to
> cover our ass. Also if they are using patched together libs with
> different licenses they might be incompatible with each other and thats
> a problem with distribution too.

First, thanks for discussing this. So my perspective on this one is that we should not have any legal/copyright/licensing/documentation requirements more restrictive than the ones for a PPA. PPAs and the extras repo are both hosted in the same datacenter by the same legal entity, and are providing apps that are not part of the Ubuntu platform but instead run on top of it. To submit to ARB people already need to have a PPA set up and agree to conform to the terms of service. Anyone know why we would need additional requirements or checks beyond this?

> 2. The app should where possible use
> the libs in the repo rather than using insane hack jobs on libs and
> patching together their apps with those.
>>> 
>>> 
>> 
>> 

As an engineer, I'd agree with you (although I'm coming to question the engineering merits of this too). As an ARB reviewer and an advocate of software freedom, I disagree that we should be penalizing apps for this. Insane hack jobs on libs and patching together an app that does something cool by copying code from a dozen other free software projects is one of the fundamental freedoms that free software licenses seek to enable. We should not dissuade people from exercising that right, we should celebrate it. Using factored out system libraries is an optimization intended to ease maintenance and reduce the size of packages, and I think the effort/reward of using system libraries vs a monolithic app with bundled libraries is now somewhat questionable. The most famous example that comes to mind is google chrome, and bundling libraries is a common practice in Android, Windows, iOS, OS X, and embedded systems. I think we should reject apps that try to modify system libs in a way that impacts other parts of the system, but an app that forks or copies chunks of code from part of the system and privately bundles it into the app I think should be allowed.

If there is a licensing violation in an app that has been published into extras, I think the app should be pulled and the author alerted, but the ARB should not be responsible for detecting licensing or copyright problems. If the ARB notices a problem then we should address it, but I don't think we should be checking the way an archive admin does on the NEW queue.

> For most other apps that this board will review should have <1000 lines
> of code in the main project not including the setup files..etc.
>>> 
>>> 
>> 
>> 
>> 
>> 
>> 

I disagree with this. 1000 lines is a very tight budget even for python. I don't think we should have a lines of code size restriction, although a larger app will naturally take longer to go through code audit than a tiny app.
-- 
| Elliot Murphy | https://launchpad.net/~statik/ |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/app-review-board/attachments/20101002/f21f7682/attachment-0001.htm

More information about the App-review-board mailing list