ubuntu-appstore-developers team mailing list archive

[Daniel Holbach <daniel.holbach@xxxxxxxxxx>]

Hello everybody,

we had a quick call to figure out how the review process would work when
we open up the appstore in an alpha stage. Here's a very quick summary:

Steps involved:
 - Reviewer goes to the myapps queue and selects the app
 - Reviewer downloads the package
 - Reviewer checks that the package does not pull any dependencies
   - this should not be possible with click package
 - Reviewer checks that the package does not already exist
 - Reviewer checks that the namespace in the downloaded package
   matches the namespace in myapps


Script for click app reviews:
 - namespace
   - review namespace in the upload entry in myapps (doesn't have
     anything to do with the filename)
   - requested namespace is available on the myapps entry - HAS TO
     MATCH the namespace in the click package
     - could be done automatically
 - manual review:
   - make sure nobody's repackaging a commercial / official app
   - review of description
 - integrity
   - check md5sums
     - ACTION: Daniel to ask Colin if "click verify" should be
       doing this.
   - require click minimum version (currently 0.3)
 - security
   - check security section in manifest file for restricted configs
   - check security section in manifest file for known dangerous policy
     groups


later steps:
 - add review comment
 - "reject" or "approve" or "ask for information"

ACTIONS:
 - Daniel to push initial code for downloading/inspecting click apps.
 - Daniel to ask Colin if "click verify" should be checking md5sums.
 - Daniel to revive "remove malicious apps" discussion.
 - Daniel to send out summary of the call.
 - Marc to follow up with security review plan.

Have a great day,
 Daniel

-- 
Get involved in Ubuntu development! developer.ubuntu.com/packaging
Follow @ubuntudev on identi.ca/twitter.com/facebook.com/G+