ubuntu-appstore-developers team mailing list archive

[Michael Nelson <michael.nelson@xxxxxxxxxxxxx>]

On Thu, May 30, 2013 at 10:57 PM, Martin Albisetti <
martin.albisetti@xxxxxxxxxxxxx> wrote:

> Hi all!
>
> Kicking off this mailing list, I'd like to let everyone know what our
> current plan is to deliver the server-side piece of click packages.
> High-level, we're aiming to:
>
> - Add a new form to the current MyApps web ui[1] with the most basic
> fields possible so people can start uploading click packages
> - Bring up a new service to provide downloads of these new packages
> (that will be stored in Swift, for the curious), and will not
> authenticate requests at all, so it will only provide free (gratis)
> apps
> - Bring up a new solr instance, that will be directly available to
> query from clients. It will contain only public data
>

Using the solr query syntax is great, but I'm not sure that it's a good
idea to ever expose the solr instance publicly. I'd think we should instead
initially have a simple proxy which does very little filtering to a
firewalled solr instance [1]?

[1] The security link: http://wiki.apache.org/solr/SolrSecurity includes a
link to some example proxies - the php demoing a simple proxy that retains
the query syntax. u1 music search's cerati is an example of a proxy that
doesn't retain the solr query syntax.

That'll enable us not only to gradually add filters and only allow certain
queries through, but also to later add other index api functionality that
may not be based on solr query syntax. If there's someone with solr
experience, please chip in :)

-Michael



>
> All of those while we prioritise having fake api's for the client team
> to be able to start work on the UI pieces now (led by Roberto Alsina).
>
> With those 3 pieces, we should have the absolute barebones version of
> the click packages appstore. The target date for this is "before July
> 23rd".
>
> Once we have this up and running, we will focus on authenticating
> downloads so we can allow commercial apps, and then polish until
> 14.04.
> Polish will mean a lot of things, improving some of the shortcuts we
> will take to get this up faster, adding new fields to better match
> business and legal requirements, be able to extract metadata from the
> package's manifest file, enforcing namespaces, doing some basic sanity
> checking of what's uploaded, etc.
>
> As for who to talk to about very specific technical details, these are
> the people who will actually be doing the work:
>
> - Ricardo Kirkner & Matias Bordese are tackling Software Center
> web/agent/server (with a little help from Jonas Drange)
> - James Tait is tackling on the search api (solr)
> - James Westby and Sidnei Da Silva are tackling the download/upload
> server (re-using U1's updown service)
> - Michael Nelson is juju-izing most of the services, as well as
> providing guidance in Software Center and solr work
> - Vincent Ladeuil is helping us from day 1 on getting our testing story in
> order
>
> Please let me know if you have any concerns about this plan, both in
> how it's being executed as well as target dates.
>
>
> [1] https://myapps.developer.ubuntu.com/
>
> --
> Martin
>
> --
> Mailing list: https://launchpad.net/~ubuntu-appstore-developers
> Post to     : ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers
> More help   : https://help.launchpad.net/ListHelp
>