[RFC] apturl repository whitelist application process

Brian Thomason brian.thomason at gmail.com
Thu Feb 12 22:10:07 GMT 2009 

First off, thanks to both of you for getting this done.  It's something
we've wanted on the ISV side of things for a while now.


> ==== Formal Prerequisites ====
>  * In order to ensure transparency and to facilitate monitoring of
>  quality and the state of the repository, a launchpad project must be
>  maintained for the package. Each source package should have it's own
>  repository where appropriate.


This would be a troublesome requirement for someone like google who
maintains all of their apps in the same repo.


>
>  * In order to assure that packages in third party repositories are
>  being properly maintained, each landing page that offers an apturl
>  link must also contain a prominent link for reporting bugs in the
>  related launchpad project.


What if the vendor prefers to handle all bugs through their own bug tracker?


>
>  * Package namespace for the name should start with a unique prefix
>  and not conflict


Must we require a prefix when there is no chance of a natural collision? For
instance, if google wants to ship google earth and the package name is
google-earth, can we waive the prefix requirement?


>
>  * Identify third party repository by custom package/source control
>  field
>  * add XB(S)-ThirdParty-RepoURL to the package that is uniq to
>  identify where the master repo is
>  * Identify right place to file bugs by custom package/source control
>  field
>  * add XB(S)-ThirdParty-BugFileUrl to the package that points to the
>  bug report page (LP)
>

These seem a little onerous too.  If the control file already provides a
website for the product, that should seemingly sufice as they are already
required to have the bug tacker info prominently displayed there...?


>
> However, if necessary, the repository may actually be removed from the
> users' sources lists. This may be necessary if there are severe
> problems on the repository such as data lose errors, security
> problems, repository maintainer is not cooperating. The repository can
> not reapply for at least 1 year for inclusion again
>

I don't think we should make the 1 year a steadfast rule, or at least
shorten it dramatically.

Again, thanks for the work guys.  It's looking good.

-Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20090212/301985f9/attachment.htm

More information about the ubuntu-devel mailing list