If you don't like it, now is the time to speak up. Jono Bacon (jono AT ubuntu DOT com) is the coordinator.
EDIT: Where's the appropriate place to send feedback? Perhaps not to his inbox
It's a pity, Linux on desktop could have gone way further on market share and popularity. Now, they are doing just a copy (wait for Apple to demand).
I think you answered your own question. Package management (together with distribution policies to make those packages work together) has solved this problem for Linux already, for all software packageable by distributions, which includes pretty much everything needed to make a usable system. An "app store" just makes it easier to get one-off non-redistributable proprietary apps, which Linux historically hasn't cared much about until other OSes started to, at which point a few Linux distributions started wondering whether catering to proprietary app developers would make the system more popular. (Personally, I'd argue that apps follow platform popularity, not the other way around.)
The App Store is user-friendly. Do you want that program? Download it! No worries of dependencies. So it doesn't matter if it's proprietary or not. It's a matter of user experience and wanting to make it easy for non-techies. They have improved a lot but it's sad they weren't the first to make that change.
apt-get install <something-in-repository-or-ppa-you-added>
dpkg -i <some-random-deb-you-downloaded>
But a quick apt-get -f install after I get those errors sorts it out.
Random downloading of debs from Web sites could lead to a situation where a different version of a dependency is needed. "foo needs libnaff-ubuntu345 but libnaff-ubuntu345 is not going to be installed" type errors result.
if you used synaptic to install programs, it highlighted dependencies in the GUI, but that was really just irrelevant information - there was no user interaction required other than clicking the install button on the thing you wanted.
The process is much better than on OSX. Think about how no app installs Growl automatically.
it's about dev friendlyness.
in case your didn't know, your favorite appstore also has dependencies. the difference is that they bundle all libraries per OS version. Linux distros bundle per lib version (and thus per package).
but that's all up to the dev to fix, not to the user.
If you're trying to make something simple, remove really stupid steps. This is my problem with open source communities, they end out trying to make something theoretically perfect, but realistically unusable.
(A better solution: if the reviewer has any doubts they can ask for clarification.)
The key is that in many cases it will be easy to verify the identity of the developer: find the most active few accounts in the version control log, and email them about it. That takes far less time than auditing code.
> App Review - When the developer submits a new version of their application, it will go through a series of automated checks to verify that it conforms to the Extras packaging and security rules. The developer will be responsible for ensuring the package works effectively. If it doesn’t, the ratings and reviews will surely reflect this.
> We should not rely on manual reviews of software before inclusion. Manual reviews have been found to cause a significant bottleneck in the MyApps queue and they won’t scale effectively as we grow and open up Ubuntu to thousands of apps.
> The developer will not be able to add any other AppArmor abstractions beyond the ones defined above. All of these options are considered safe, and do not require a manual review before being allowed into the Extras archive. The user will be told about any options from the third group that the application needs, and will be asked to allow or reject its installation.
EDIT: You're probably talking about the "APPLYING FOR ACCESS" section:
To ensure that we are giving upload access only to the original
author or a proper representative of the upstream project, we
will require that person to request upload access for their
application. The author or representative must first create an
account and user profile in the MyApps portal as it currently
Once their profile is created, they will need to be able to
request upload access for a package, providing details about
their association with the upstream project. If the submitter is
not the owner or representative of the project, they will be
required to provide a URL to a webpage, blog post or mailing list
archive showing that the owner or representative of the project
is endorsing their effort upload the application to the Ubuntu
How could an app store like this work with users trusting developers' GPG keyrings, or something similar?
Also it's very common in distros for maintainers to be granted only access to a list of packages, which is similar to what Ubuntu is doing here (and indeed already does). In the distro case, the maintainer is usually different from the principal developer of the program.