
ubuntu-appstore-developers team mailing list archive

Re: Disallowing custom namespaces

 

>>>>> Martin Albisetti <martin.albisetti@xxxxxxxxxxxxx> writes:

    > Hi all,
    > It's been an exciting month in the click appstore. The contest really
    > put all our assumptions to the test and had us on our feet fixing and
    > improving things left and right.
    > We still have a while to go, but things are looking smoother every day.

    > One thing that became obvious very quickly was that verifying custom
    > namespaces (com.yourdomain) is painful and hard to automate. It also
    > adds little or no value to users and developers.
    > I was wondering if we shouldn't just lock everyone into a
    > com.ubuntu.developer.* namespace, and keep custom namespaces for
    > specific exceptions (maybe for specific large companies and other
    > special cases).

    > Any thoughts on this?

I thought about that at some point and even collected notes at the time:

- let's say that apps are in a namespace (based on reversed FQDN)

- let's say the ubuntu project is handling the root "dns" on that whole
  name space and will remain responsible for com.ubuntu in any case.

I've seen talks about delegating part of the responsibility to handle
upgrades, I think this matches who is responsible for that name space
upgrades.

Owning the name space implies responsibility for upgrades. This also
includes the ability to restore the last stamped (or security-stamped)
version (that can't be deleted). So from the root "dns" you can revoke a
malicious app or publish an update that fixes the app (with prejudice) as
soon as you regain responsibility for that name space (i.e. "we" can
always revoke/recover any part of the name space responsibility for
emergency cases).

Of course revoking com.google... won't make much sense but net.ub3rl33t
or biz.$$$youwin$$$ on the other hand... I trust ubuntu to regulate that
transparently and overall pretty cheaply (I could be wrong but, well, we
should be immune to throw-away domains by requesting some quarantine
period).

Requesting a certificate for a registered domain when registering an app
there should vastly simplify the common case: only responsible name
space handlers get the right to publish their updates as they see fit
since they need the certificate to somehow sign their submissions (and
they also handle who has the right to use that certificate).

The user will decide where it gets its software from, starting with
com.ubuntu but probably adding com.${CARRIER} or com.ubuntu.universe.

If I subscribe to com.ubuntu.libreoffice I'm not subscribing to
org.libreoffice.stable, org.libreoffice.beta8 or
org.libreoffice.this-should-fix-your-issue-can-you-test-it (great!
direct contact between dev and user, wow... com.ubuntu.lp.ted.inkscape
;).

So there are different levels of trust involved here, some between
ubuntu and the user but also between the user and our upstreams or their
carrier. Direct match with the name space.

There are a lot of questions to be addressed around handling the root
"dns" for that though but I think that the idea that you can root your
ubuntu phone by pointing that "dns" root server to com.canonical.com
(run LTS-cat highly stable and secure), org.freedombox.com, com.samsumg,
com.t-mobile, gov.nsa, .... your imagination is the limit ;) Ultimate
free software ;) 

Of course, the network effect should be that com.ubuntu will be the most
popular ;)

Summary: you asked for ideas, you get some ;) But until we get better
ideas about how we want to handle the whole name space, sticking to
com.ubuntu.developer.* seems like the safest and simplest choice.

         Vincent
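
Added example, not part of the message above and not the click store's code: a sketch of the namespace ownership check the thread discusses, where an app id is accepted only under the developer's own com.ubuntu.developer subtree or under the reversed FQDN of a domain from an already validated certificate. The `<prefix>.<developer>.<app>` layout, the label syntax, the function names and all sample values are assumptions.

```python
import re

# Assumptions: the "<prefix>.<developer>.<app>" layout, the label syntax and
# every name below are illustrative; only the prefix comes from the thread.
SHARED_PREFIX = "com.ubuntu.developer"
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")


def labels(name):
    """Split a dotted name into lowercase labels, rejecting malformed ones."""
    parts = name.lower().split(".")
    if not all(LABEL.fullmatch(p) for p in parts):
        raise ValueError(f"invalid dotted name: {name!r}")
    return parts


def namespace_for_domain(domain):
    """Reverse an FQDN into its namespace: example.org -> org.example."""
    if domain.endswith("."):  # tolerate one trailing root dot
        domain = domain[:-1]
    return ".".join(reversed(labels(domain)))


def within(app_id, namespace):
    """True if app_id lies strictly below namespace, compared label by label.

    A plain string-prefix test would let org.examplefoo.app pass for org.example.
    """
    app, ns = labels(app_id), labels(namespace)
    return len(app) > len(ns) and app[:len(ns)] == ns


def may_publish(app_id, developer, cert_domains=()):
    """Decide whether a submission may claim app_id (fails closed on bad input).

    developer: store account name, must be a single label.
    cert_domains: domains from a certificate the store has already validated;
    certificate validation itself is out of scope here.
    """
    if not LABEL.fullmatch(developer):
        return False
    try:
        if within(app_id, f"{SHARED_PREFIX}.{developer}"):
            return True
        return any(within(app_id, namespace_for_domain(d)) for d in cert_domains)
    except ValueError:
        return False
```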

