Request For Candidates: Application Review Board

Matthew Paul Thomas mpt at canonical.com
Mon Aug 16 15:17:18 BST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Iain Lane wrote on 14/08/10 01:11:
>...
>   5. The message is that the archive is not the place for your cool app
>      to live. I think this process is what Matt Z was getting at in a
>      recent post on his blog[0].
> 
> I want to expand on 5 a little bit. I found a comment from Matthew T
> in the blog post:
>...
> ,----
> | Packaging applications is what OS developers do when the OS is
> | unpopular. Ubuntu is now popular enough that application developers
> | are increasingly interested in packaging their software for Ubuntu
> | themselves (as they already do with Windows and Mac OS X). This does
> | not mean they’re the slightest bit interested in becoming a MOTU or a
> | DD; they want to package their own software, not anyone else’s.
> `----
> 
> This is likely to be offensive to a lot of distribution developers. It
> reads like: “There is no place for you to package upstream
> software. Upstream developers are better placed than you to do
> this. Please go away”. Just because something may not happen as
> rapidly as you may like doesn't mean that the whole system is rotten.

I don't understand how you read it that way. The current system is not
rotten, it's good at what it does, which is providing a base operating
system and a small set of quality-controlled software (about 30,000
packages, of which fewer than 4000 are applications). Now we need
something much bigger than that. Not instead of, but in addition to.

> If developers are interested in doing this properly then there is
> absolutely no requirement to become a MOTU or DD. Both distributions
> have methods to have finer-grained upload control: PPU in Ubuntu and
> DM in Debian. This would be the proper way to have your package out
> there, with all of the hard-won QA processes that we have.

Imagine, for a moment, that you're a programmer considering a four-week
contract from Warner Brothers in May 2011 to create the Ubuntu version
of a screensaver for their latest movie. You're more of a Debian person
yourself, and your employers have no problem with the screensaver
working on other OSes too. They don't even mind if it's open-source.
Their sole concern is getting the screensaver into Ubuntu Software
Center, for Ubuntu 10.10 LTS and 11.04, before the movie's release in July.

You start researching what it would take to get Ubuntu per-package
upload permission for the screensaver package. You discover that, among
other things, you'd need to create an Ubuntu wiki page containing such
fun stuff as "Things I could do better" and "What I like least in
Ubuntu", get three to five "endorsements" for your application,
subscribe to a mailing list where you'd have to announce your
application and answer questions about it, wait between one and two
weeks for a Developer Membership Board meeting, work out how to use this
"IRC" thing to attend the meeting (1500 UTC, sucks to be you if you're
in Sydney), "show advocation and support of existing developers
indicating that previous work on the package demonstrated that
unsupervised upload is warranted", "have documented previous concern for
the packages in question in Ubuntu, including previous uploads,
effective bug management, and similar previous work", and "show a
history of effective collaboration with other developers in Ubuntu".

On Windows, Mac OS X, iOS, and Android, even the maintainers of
long-lasting heavyweight applications (Firefox, Excel, OmniGraffle)
don't have to endure anything remotely like that.

> But why would you do that when you can just point your users to a PPA
> and not have to answer to anyone else?
>...

The problem with a PPA, besides the difficulty of adding it in the first
place, is that it can hose your system (which is what makes it possible
for the Ubuntu Kernel Team to have a PPA, for example). The Application
Review Board will protect against things like that.

- -- 
Matthew Paul Thomas
http://mpt.net.nz/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxpSG4ACgkQ6PUxNfU6ecopogCglvzIH6L4QHvp01UjxqHoakUC
BX4AoJOcLQY5ZmpSZKQ795woa3msteCx
=+yDP
-----END PGP SIGNATURE-----

More information about the ubuntu-devel mailing list