Hacker News new | past | comments | ask | show | jobs | submit login
Ubuntu tries to make publication easier for app developers (ubuntu.com)
73 points by fluteflute on Sept 3, 2012 | hide | past | web | favorite | 33 comments

Guys, as the huge yellow warning at the top of the page shows, this is a draft work-in-progress specification.

If you don't like it, now is the time to speak up. Jono Bacon (jono AT ubuntu DOT com) is the coordinator.

EDIT: Where's the appropriate place to send feedback? Perhaps not to his inbox

According to this post, questions and comments about the spec are invited on the ubuntu-devel mailing list.


There is a Feedback session at the end of the spec. You can leave your input and questions there, or you can alternatively continue the discussion on the thread at the ubuntu-devel mailing list. Thanks!

Someone should explain why Linux has been the latest of the big operative systems to have a user-friendly app store, when they were the first to have one with apt-get!!

It's a pity, Linux on desktop could have gone way further on market share and popularity. Now, they are doing just a copy (wait for Apple to demand).

> Someone should explain why Linux has been the latest of the big operative systems to have a user-friendly app store, when they were the first to have one with apt-get!!

I think you answered your own question. Package management (together with distribution policies to make those packages work together) has solved this problem for Linux already, for all software packageable by distributions, which includes pretty much everything needed to make a usable system. An "app store" just makes it easier to get one-off non-redistributable proprietary apps, which Linux historically hasn't cared much about until other OSes started to, at which point a few Linux distributions started wondering whether catering to proprietary app developers would make the system more popular. (Personally, I'd argue that apps follow platform popularity, not the other way around.)

From my days in Ubuntu... I remember that when I was installing some programs, it was asking me for dependencies. That's not user friendly.

The App Store is user-friendly. Do you want that program? Download it! No worries of dependencies. So it doesn't matter if it's proprietary or not. It's a matter of user experience and wanting to make it easy for non-techies. They have improved a lot but it's sad they weren't the first to make that change.

Huh? Longtime Ubuntu user here, I have no idea what you're talking about... Desktop Linux has plenty of problems, no need to invent new ones to complain about. Unless you were installing programs manually you shouldn't need to worry at all about dependencies on Ubuntu (or Debian).

How else does one install programs other than manually? You can't magically wish for Chrome to appear on ubuntu, you have to either use Synaptic, apt-get, or the software center (on recent ubuntii). All of these at least prompt you about dependencies.

'Manually' probably means not using a package manager - either with the configure/make dance, or with a binary installer like Google Earth used for a long time. In those cases, you still need to sort out dependencies manually.


   apt-get install <something-in-repository-or-ppa-you-added>
will bring down all the dependencies needed. That's the reason they package stuff against release numbers, so the dependencies are all consistent.

    dpkg -i <some-random-deb-you-downloaded>
may give dependency errors.

I get dependency errors on Chrome under Ubuntu 12.04, when I do a dpkg -i google-chrome-stable-whatever.deb.

But a quick apt-get -f install after I get those errors sorts it out.

Absolutely; if the dependencies exist within the appropriate Ubuntu repositories, or the ppas you have active, then the needed libraries can be installed.

Random downloading of debs from Web sites could lead to a situation where a different version of a dependency is needed. "foo needs libnaff-ubuntu345 but libnaff-ubuntu345 is not going to be installed" type errors result.

If you open the .deb in Software Center, it'll take care of the dependencies for you at the same time.

On the command line, you can use (ubuntu-specific) `gdebi <packagename>.deb` to automate that process for you.

Ubuntu Software Center doesn't prompt about dependencies... it just goes ahead and installs them. At least that's the default behaviour on 12.04 on my two machines.

I've been using it for 5 years. When I install a program via apt-get, it does ask for my permission to install certain dependencies. At which point I just have to say yes or no and it will proceed or abort. I don't see how that's a problem.

i don't believe ubuntu has ever required users to worry about dependencies. that was solved in apt before ubuntu came into existence.

if you used synaptic to install programs, it highlighted dependencies in the GUI, but that was really just irrelevant information - there was no user interaction required other than clicking the install button on the thing you wanted.

On Ubuntu to install a third-party app, like Chrome or Skype, you just double-click the dpk, a wizard pops up, you click Install, and all dependencies are taken care of.

The process is much better than on OSX. Think about how no app installs Growl automatically.

From memory, the Ubuntu Software Centre (under its former name) also pre-dated the App Store and variants.

Ubuntu Software Centre has been around since Oct 2009.

The former name was Gnome-App-Install, which has basically been around since Ubuntu started in 2004.

It's not about user friendlyness

it's about dev friendlyness.

in case your didn't know, your favorite appstore also has dependencies. the difference is that they bundle all libraries per OS version. Linux distros bundle per lib version (and thus per package).

but that's all up to the dev to fix, not to the user.

App store is all of the following: distribution, discovery and promotion. apt-get was really a distribution platform at first, and you could use it for discovery as well. Apple's store is full of promotion, and I haven't seen any Linux solution that even tries to fill that (marketing) gap.

nice, thanks!

Their idea of making it better is to require review before the developer is even allowed to upload a build for testing? I can't think of any other app store which requires this sort of thing; it doesn't actually solve any problem. Malicious users can claim to be whoever they want, and I can't imagine unauthorized package ports are a serious problem.

If you're trying to make something simple, remove really stupid steps. This is my problem with open source communities, they end out trying to make something theoretically perfect, but realistically unusable.

(A better solution: if the reviewer has any doubts they can ask for clarification.)

Well, Apple requires you to enrol in the $99/year 'developer program' to be able to submit applications. The developer check is more like Ubuntu's equivalent of that.

The key is that in many cases it will be easy to verify the identity of the developer: find the most active few accounts in the version control log, and email them about it. That takes far less time than auditing code.

> Irrespective of whether the app dev uses (1) or (2), they are relying on other people to do work before they can deploy their application. This is less empowering, and for an emerging platform such as Ubuntu, we need to enable app developers to deliver their apps without such delays.

> App Review - When the developer submits a new version of their application, it will go through a series of automated checks to verify that it conforms to the Extras packaging and security rules. The developer will be responsible for ensuring the package works effectively. If it doesn’t, the ratings and reviews will surely reflect this.

> We should not rely on manual reviews of software before inclusion. Manual reviews have been found to cause a significant bottleneck in the MyApps queue and they won’t scale effectively as we grow and open up Ubuntu to thousands of apps.

> The developer will not be able to add any other AppArmor abstractions beyond the ones defined above. All of these options are considered safe, and do not require a manual review before being allowed into the Extras archive. The user will be told about any options from the third group that the application needs, and will be asked to allow or reject its installation.

What pre-upload review are you talking about? I read through the steps, and I don't see anything other than the web form to generate an AppArmor policy, which seems completely automated.

EDIT: You're probably talking about the "APPLYING FOR ACCESS" section:

    To ensure that we are giving upload access only to the original
    author or a proper representative of the upstream project, we
    will require that person to request upload access for their
    application. The author or representative must first create an
    account and user profile in the MyApps portal as it currently
    Once their profile is created, they will need to be able to
    request upload access for a package, providing details about
    their association with the upstream project. If the submitter is
    not the owner or representative of the project, they will be
    required to provide a URL to a webpage, blog post or mailing list
    archive showing that the owner or representative of the project
    is endorsing their effort upload the application to the Ubuntu
    Software Center.
This is an interesting requirement in our open-source world of forks, clones, and mods/patches. The concept of "ownership" in OSS is intentionally very loose, and ensuring only the owner can upload to the app center makes sense in a brand-focused business/product point of view, but seems kind of strange from a software developer point of view.

How could an app store like this work with users trusting developers' GPG keyrings, or something similar?

FWIW CPAN works like this. A "namespace" (eg. IO::Foo) is essentially assigned to a user and only they can upload packages in this namespace. [http://www.cpan.org/modules/04pause.html#namespace]

Also it's very common in distros for maintainers to be granted only access to a list of packages, which is similar to what Ubuntu is doing here (and indeed already does). In the distro case, the maintainer is usually different from the principal developer of the program.

Note that it's more like the concept of a 'team' or 'project' rather than a single owner. Anyone endorsed by the team who creates the app (where a team can be a single person) can upload new versions.

All open source projects have a list of committers and a maintainer or few. Ubuntu's system respects that. Do you want me uploading a "new version" of something you wrote? Who am I? I am some evil hacker.

Easy developer deployment? aur.archlinux.org

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact