ubuntu-appstore-developers team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxxxxx>]

On 09/12/2013 04:33 PM, Martin Albisetti wrote:
> On Wed, Sep 11, 2013 at 4:38 PM, Jamie Strandboge <jamie@xxxxxxxxxxxxx> wrote:
>>  * When registering as a developer, I was asked to enter my PayPal account
>>    email address. Two things:
>>    - I wasn't actually charged anything, but I thought we were going to reqire
>>      app developers to pay some modest registration fee (eg, $1 or less). What
>>      is the status of this? I feel it is an important, though admittedly
>>      imperfect, tool to link a developer to a human
> 
> Actually, that's currently in place to verify that we can somehow pay
> you. It's inherited from the old MyApps. We're going to review it as
> part of introducing purchasing of click apps.
> 
Just so I'm clear-- all app developers will have to pay the nominal fee (this
would be good), and that this will be introduced when we support purchasing apps?
...
> 
>>  * I uploaded an armhf binary (due to a local C++ extension) and was told that
>>    "not a valid architecture: armhf". I was aware of this before uploading but
>>    I was wondering what the current status of this is-- click build put the
>>    architecture in DEBIAN/control as 'armhf'. Is this valid for the appstore
>>    now or should we waive these through for now and just wait for fat
>>    packages?
> 
> Right, so I think that we agreed that what we'd do is that packages
> would declare what architectures they support in the manifest, and
> that we'd only require fat packages when you had more than one
> architecture.
> The server and client filtering hasn't landed yet, but I think it's ok
> to land armhf for now.
> 
Oh, right, I forgot about this. I'll fix my package in the next upload. Thanks!
> 
>>  * My app was accepted even though it required special attention due to red
>>    flagged permissions.
>>
>> Now, to be fair, I removed permissions that are normally granted and
>> preemptively justified why these particular permissions were required. Perhaps
>> it was my compelling argument in my upload comment for the reviewer or perhaps
>> being a member of the security team helped me. ;) Joking aside, I'd like to take
>> this opportunity to reinforce that apps should be using the 'common' policy
>> groups. If the review tools complain about red-flagged security permissions or
>> use of 'reserved' policy groups, please contact a member of the security team
>> for the time being (probably me since I am also a member of the review team, but
>> any of us will do)-- there might be things that are lacking in our confinement
>> that are worth review, bugs we need to fix in our policy, or the requested
>> permissions are simply too permissive.
> 
> Right. I reviewed the app and was going to ping you about those extra
> permissions until I saw who the author was  ;)
> I have been bouncing any other app that requests non-standard permissions.
> 
Awesome, and I didn't mean to call you out, just doing a friendly reminder. :)

-- 
Jamie Strandboge                 http://www.ubuntu.com/