ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Scanning packages on upload

To: Michael Nelson <michael.nelson@xxxxxxxxxxxxx>
From: James Westby <james.westby@xxxxxxxxxxxxx>
Date: Fri, 26 Jul 2013 16:13:15 -0400
Cc: Ubuntu Appstore Developers <ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAMvE_KyM9y5MSMLuGOJPQae4ra=CVNSUY5otj7gpq_ME42bMAA@mail.gmail.com>
User-agent: Notmuch/0.12 (http://notmuchmail.org) Emacs/23.3.1 (x86_64-pc-linux-gnu)

Hi Michael,

Thanks for the response.

On Fri, 26 Jul 2013 10:32:14 +0200, Michael Nelson <michael.nelson@xxxxxxxxxxxxx> wrote:
> Even if it's not something we want to do straight away, won't we be aiming
> for the developer not needing to enter details that are already included in
> the package?

I think so.

> If so, I'd assume we'd want the results of the scan before asking for those
> details. We may even be able to structure the workflow so they don't need
> to wait.

Yeah.

It may be that most uploads will be done via the SDK though, so perhaps
the workflow would look different for most people?

> A few questions/thoughts:
>  * Could we eventually move the upload step to the beginning of the
> workflow?

I think we have to if we want to extract information from it server-side.

>  * Can we initiate the scan directly after the async upload finishes - ie
> while the dev is still possibly entering other info... if there is other
> info?

I'm sure we can. The upload isn't entirely async, the developer will see
the upload step until the upload is complete.

>  * I'm assuming the scan won't take more than 0.5 second, but downloading
> the package to the pkgme service will be biggest contributor to latency -
> would it be worth using pkgme locally on the updown service you guys
> created so that there's no latency there - possibly the results could be
> returned with the completion of the upload. A subordinate charm maybe?

I think the scan could end up taking a bit longer than that (exract,
read a few files, perhaps do some computation), depending on how many
different things we check.

The files aren't actually on the updown service though, they are in
swift. We may be able to do something like keeping a copy as we stream
to swift, and then using that copy in the checks.

However, I'm not sure how long it will take to do an in-DC transfer of a
typical click package.

The data we have from pkgme shows that the download of the "dirkdashing"
package, to take one at random, took 1.2s, as part of whole process that
took 9s.

>  * Not for now, but eventually, could we create a cmd-line interface to the
> updown service that uses your login creds to upload your package and then
> redirect your browser to the rest of the workflow (ie. the scan data would
> already be there).

Yeah, I would imagine that it is part of the plan to have the publishing
workflow be triggered from a button in the SDK.

Thanks,

James

References

Scanning packages on upload
From: James Westby, 2013-07-25
Re: Scanning packages on upload
From: Michael Nelson, 2013-07-26