

Ubuntu tries to make publication easier for app developers - fluteflute
https://wiki.ubuntu.com/AppDevUploadProcess

======
gcr
Guys, as the huge yellow warning at the top of the page shows, this is a
_draft work-in-progress specification._

If you don't like it, now is the time to speak up. Jono Bacon (jono AT ubuntu
DOT com) is the coordinator.

EDIT: Where's the appropriate place to send feedback? Perhaps not to his inbox

~~~
takluyver
According to this post, questions and comments about the spec are invited on
the ubuntu-devel mailing list.

[http://mhall119.com/2012/09/how-the-appdevuploadprocess-
was-...](http://mhall119.com/2012/09/how-the-appdevuploadprocess-was-written/)

------
fesja
Someone should explain why Linux has been the latest of the big operative
systems to have a user-friendly app store, when they were the first to have
one with apt-get!!

It's a pity, Linux on desktop could have gone way further on market share and
popularity. Now, they are doing just a copy (wait for Apple to demand).

~~~
JoshTriplett
> Someone should explain why Linux has been the latest of the big operative
> systems to have a user-friendly app store, when they were the first to have
> one with apt-get!!

I think you answered your own question. Package management (together with
distribution policies to make those packages work together) has solved this
problem for Linux already, for all software packageable by distributions,
which includes pretty much everything needed to make a usable system. An "app
store" just makes it easier to get one-off non-redistributable proprietary
apps, which Linux historically hasn't cared much about until other OSes
started to, at which point a few Linux distributions started wondering whether
catering to proprietary app developers would make the system more popular.
(Personally, I'd argue that apps follow platform popularity, not the other way
around.)

~~~
fesja
From my days in Ubuntu... I remember that when I was installing some programs,
it was asking me for dependencies. That's not user friendly.

The App Store is user-friendly. Do you want that program? Download it! No
worries of dependencies. So it doesn't matter if it's proprietary or not. It's
a matter of user experience and wanting to make it easy for non-techies. They
have improved a lot but it's sad they weren't the first to make that change.

~~~
glesica
Huh? Longtime Ubuntu user here, I have no idea what you're talking about...
Desktop Linux has plenty of problems, no need to invent new ones to complain
about. Unless you were installing programs manually you shouldn't need to
worry at all about dependencies on Ubuntu (or Debian).

~~~
gcr
How else does one install programs other than manually? You can't magically
wish for Chrome to appear on ubuntu, you have to either use Synaptic, apt-get,
or the software center (on recent ubuntii). All of these at least prompt you
about dependencies.

~~~
takluyver
'Manually' probably means not using a package manager - either with the
configure/make dance, or with a binary installer like Google Earth used for a
long time. In those cases, you still need to sort out dependencies manually.

~~~
keithpeter
Yup

    
    
       apt-get install <something-in-repository-or-ppa-you-added>
    

will bring down all the dependencies needed. That's the reason they package
stuff against release numbers, so the dependencies are all consistent.

    
    
        dpkg -i <some-random-deb-you-downloaded>
    

may give dependency errors.

~~~
andyking
I get dependency errors on Chrome under Ubuntu 12.04, when I do a dpkg -i
google-chrome-stable-whatever.deb.

But a quick apt-get -f install after I get those errors sorts it out.

~~~
keithpeter
Absolutely; if the dependencies exist within the appropriate Ubuntu
repositories, or the ppas you have active, then the needed libraries can be
installed.

Random downloading of debs from Web sites could lead to a situation where a
different version of a dependency is needed. "foo needs libnaff-ubuntu345 but
libnaff-ubuntu345 is not going to be installed" type errors result.

------
tylermenezes
Their idea of making it better is to require review before the developer is
even allowed to _upload a build for testing_? I can't think of any other app
store which requires this sort of thing; it doesn't actually solve any
problem. Malicious users can claim to be whoever they want, and I can't
imagine unauthorized package ports are a serious problem.

If you're trying to make something simple, remove really stupid steps. This is
my problem with open source communities, they end out trying to make something
theoretically perfect, but realistically unusable.

(A better solution: if the reviewer has any doubts they can ask for
clarification.)

~~~
gcr
What pre-upload review are you talking about? I read through the steps, and I
don't see anything other than the web form to generate an AppArmor policy,
which seems completely automated.

EDIT: You're probably talking about the "APPLYING FOR ACCESS" section:

    
    
        To ensure that we are giving upload access only to the original
        author or a proper representative of the upstream project, we
        will require that person to request upload access for their
        application. The author or representative must first create an
        account and user profile in the MyApps portal as it currently
        exists.
        
        Once their profile is created, they will need to be able to
        request upload access for a package, providing details about
        their association with the upstream project. If the submitter is
        not the owner or representative of the project, they will be
        required to provide a URL to a webpage, blog post or mailing list
        archive showing that the owner or representative of the project
        is endorsing their effort upload the application to the Ubuntu
        Software Center.
    

This is an interesting requirement in our open-source world of forks, clones,
and mods/patches. The concept of "ownership" in OSS is intentionally very
loose, and ensuring only the owner can upload to the app center makes sense in
a brand-focused business/product point of view, but seems kind of strange from
a software developer point of view.

How could an app store like this work with users trusting developers' GPG
keyrings, or something similar?

~~~
rwmj
FWIW CPAN works like this. A "namespace" (eg. IO::Foo) is essentially assigned
to a user and only they can upload packages in this namespace.
[<http://www.cpan.org/modules/04pause.html#namespace>]

Also it's very common in distros for maintainers to be granted only access to
a list of packages, which is similar to what Ubuntu is doing here (and indeed
already does). In the distro case, the maintainer is usually different from
the principal developer of the program.

------
zobzu
Easy developer deployment? aur.archlinux.org

