AppDevUploadProcess Automatic reviews
Scott Kitterman
ubuntu at kitterman.com
Thu Sep 6 21:07:36 UTC 2012
On Thursday, September 06, 2012 04:00:25 PM Michael Hall wrote:
> Most of the conversation on the previous thread has been about package
> isolation, but I wanted to make sure the other topics in the spec were
> also being discussed.
>
> One of our primary goals was to eliminate every bottleneck we could. To
> that end we detailed a series of restrictions, sandboxing and automated
> checks that would allow us to trust that these applications could not do
> any accidental harm to the user or the user's system. Human
> intervention has always become a bottleneck, as man-hours are one
> resource we can't scale up as the need arises, so removing that from the
> process has been a key driver for this spec.
>
> Besides package isolation, the other important method for protecting our
> users is with the mandatory use of an AppArmor profile. We, together
> with the security team, have identified what additional work needs to be
> done to provide a trustworthy sandbox for applications, and ways of
> informing the user about what access those applications will need.
> Furthermore the AppArmor profile itself will be generated on our
> servers (MyApps) based on the developer's input, and incorporated into
> their package automatically. This assures us that the profile is both
> correctly made and correctly installed, without the developer having to
> learn how to do it.
>
> The only part of the spec that still uses a human review is in verifying
> the identity of the user (through some process yet to be determined).
> This is important because, as I mentioned above, the other parts of the
> spec are only intended to prevent accidental harm, not intentionally
> malicious code. We believe that verifying the identity of the uploader,
> so that it is not an anonymous relationship between the uploader and
> Ubuntu, should prevent intentional abuse on their part. If there is a
> case of intentional abuse, we would be able to remove that app and
> prevent the submitter from using the system again.
Those parts of the spec seemed reasonable to me. You'll have a hard time
automating review of copyright/licensing information though. Is there a plan
for that?
Scott K
More information about the ubuntu-devel mailing list