ubuntu-appstore-developers team mailing list archive

[Jamie Strandboge <jamie@xxxxxxxxxxxxx>]

On 09/18/2013 11:06 AM, Marc Deslauriers wrote:
> On 13-09-18 11:37 AM, Daniel Holbach wrote:
>> Hello everybody,
>>
>> in a recent conversation Loïc brought up that there might be a desire to ship
>> plugins as click packages.
>>
>> To clarify
>>  - this would be plugins or addons which are not part of the
>>    default install
> 
> What kind of plugins are we talking about?
> 
>>  - they probably wouldn't use confinement
> 
> How can we possibly keep users safe if we don't confine them? Will this be
> restricted to only certain publishers?
> 
It would have to be. If we use the codecs example that Pat mentioned, we are
talking about compiled .so files that system apps, like the media player, would
just import. We can't confine an individual library, so we can't in general say
confinement will be in place for the app importing the plugin, therefore the
plugins need to be considered trusted. IMO, that trust relationship is between
Canonical and the publisher for plugins of this type rather than between the
user and the publisher like with normal apps.

There are technical and procedural things to work out. A click hook can be
written for each plugin type (eg, "codec") where on install the hook does what
it needs to to make it available to the thing being plugged in to (eg, the media
player app-- note click packages are not allowed to ship their own hooks). App
store reviews would block if any of these click hooks are present in the click
manifest. We need store policy (eg signoff procedures) for allowing these into
the store. There are probably other things I am missing.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature