New Process Review: Post App Release Process

Jono Bacon jono at ubuntu.com
Tue Jul 20 10:44:26 BST 2010 

On Thu, 2010-07-15 at 13:46 -0700, Kees Cook wrote:
> Hi Jono,
> 
> On Fri, Jul 02, 2010 at 01:14:36PM -0700, Jono Bacon wrote:
> >     https://wiki.ubuntu.com/PostReleaseApps/Process
> 
> "slow and complex and unapproachable":  I don't agree with this. Is there a
> better way to say both "the process is complex" and "upstreams are
> sometimes late" at the same time without it sounded bad for either us or
> them? Maybe just drop "slow and unapproachable"?

I changed this to "The current Ubuntu process for getting an application
into an Ubuntu archive is not optimized for application authors". Do you
feel this is more appropriate?

> "only applies to new applications and not to existing software that is
> present in Ubuntu archives such as main/universe": if there is no way for
> upstreams to do major version bumps of software (generally disallowed by
> SRU), then what motivation is left for authors to get their software into
> the core archive?

We generally believe that getting content in the archive is a fairly
inaccessible process for application authors. It is intended for those
who want to perform serious integration work in Ubuntu. The problem is
that this is blocking application authors getting their apps in Ubuntu.

I don't believe this process will stop app authors wanting content in
the archive; if an Ubuntu developer is willing to do this work, I am
sure an app author will welcome it. This process resolves the issue of
if they don't know an Ubuntu developer who can do this work - this will
still provide an on-ramp for providing visibility for their app in the
software center, but setting appropriate expectations.

> "No other software can depend on the application being submitted": this
> would encourage library bundling, wouldn't it? That doesn't seem like the
> best idea to me.

What this means in that the app being submitted cannot be a dependency
(such as a library).

> "and not content, documentation or media": perhaps reword as "and not
> stand-alone content, documentation..." to avoid confusion over game data
> packages.

Thanks for this. I fixed this in the process. It now says "only
executable applications (and content that is part of them) are eligible,
and not stand-alone content, documentation or media".

> Under "Assessment", do we want to explicitly state things like "does not
> perform malicious actions" or create any additional policy like that?

Agreed. I have updated the process with this.

> How is the addition to the software center actually managed?  If it just
> adds the PPA, this will not be okay. Anyone could get an ARB that is
> accepted and then just fill their PPA with whatever they wanted. Will apt
> be able to filter just the approved packages from their PPA?  (Or will
> there be a separate PPA that packages are syncSourced to?)

I am not involved in the technical implementation; I am just managing
the submission and review process - see
https://wiki.ubuntu.com/PostReleaseApps/Implementation for
implementation details.

Thanks!

	Jono

-- 
Jono Bacon
Ubuntu Community Manager
www.ubuntu.com / www.jonobacon.org
www.identi.ca/jonobacon www.twitter.com/jonobacon

More information about the technical-board mailing list