ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: App Review Shifts

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Date: Tue, 20 Aug 2013 12:13:55 -0500
In-reply-to: <520E1A7B.7010403@ubuntu.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8

On 08/16/2013 07:26 AM, Daniel Holbach wrote:
> Hello everybody,
> 
> with the appstore opening in alpha stage soon, it's important we figure
> out how the reviews are going to take place until we have the process
> more automated. This will be a good learning experience for us, what we
> can automate, what common problems are, how much time it all takes and
> where across all teams needs to be fixed to make things scale up to
> bazillions of apps.
> 
...
> It should be interesting to rotate the duty, take notes on
> 
>   https://wiki.ubuntu.com/AppStore/Decisions/ReviewRequirements
> 
> and collect tips, improve our review notes and script what we can to
> have the process automated in the near future.
> 
> Even though automating the review process is the immediate goal, I'm
> sure this learning experience is going to help in the larger project, so
> SDK bits can be improved, and many other bits and pieces as well.

I didn't put this in the wiki, but could. I noticed when doing my first reviews
a few things:
 * 'click build' creates a package which is 'Architecture: all' and a package
   name with *_all.click even if the package has compiled code (LP: #1214380).
   Seems like this might be part of the fat package discussion, but as it
   stands now, the appstore doesn't support compiled code-- eg, a developer
   could upload something for i386 but it wouldn't work on armhf. This seems to
   be planned for August based on the wiki[1]
 * one of the packages I reviewed does not have a package name of the form of:
   $pkgname_$version_$arch.click. Not sure why that is, 'click build' should do
   this for people.
 * one of the packages I reviewed is missing the 'description' field in the
   click manifest. This is optional in click, but this should be required for
   the app store.
 * one of the packages I reviewed has the .bzr directory
 * seems like click packages set the Description in DEBIAN/control to be the
   title from the manifest. Shouldn't this be title + description?
 * click packages provide DEBIAN/md5sums which while a weak hashing algorithm
   is fine for now. I filed LP: #1214485 as a suggested improvement
 * one click package is using the old manifest format instead of the finalized
   one from the wiki[2]
 * one click package does not specify the desktop hook
 * one click package does not specify the correct policy_version for apparmor

Because the package with the problems I found was pre-approved in the appstore,
it should be fixed. What is the mechanism for reporting issues? How about for
retroactively reviewing packages in the appstore? If we don't have something, I
might suggest we send an email to the maintainer and CC all reviewers. Based on
Rick's previous feedback, CCing the other reviewers isn't strictly required
because each review should be separate, but CCing them in the short term might
help us bootstrap our process.

[1]https://wiki.ubuntu.com/AppStore/Goals
[2]https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement/Manifest#Click

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: App Review Shifts
From: Jamie Strandboge, 2013-08-20
Re: App Review Shifts
From: Michael Hall, 2013-08-20
Re: App Review Shifts
From: Sergio Schvezov, 2013-08-20

References

App Review Shifts
From: Daniel Holbach, 2013-08-16