ubuntu-appstore-developers team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

On 13-10-17 03:27 AM, Michael Nelson wrote:
> On Wed, Oct 16, 2013 at 11:54 PM, Martin Albisetti
> <martin.albisetti@xxxxxxxxxxxxx> wrote:
>> On Wed, Oct 16, 2013 at 6:38 PM, Marc Deslauriers
>> <marc.deslauriers@xxxxxxxxxxxxx> wrote:
>>> We care what it looks like, we just aren't going to enforce it until it becomes
>>> a problem.
>>>
>>> Isn't it already hidden?
>>
>> Yes to the user, no to the developer. Which is why it feels odd making
>> the developer decide about something that isn't really user visible.
>>
> 
> +1 for removing the unnecessary decision for the moment. Given that we
> haven't (yet) implemented an automated verification of the domains,
> let's not let devs choose (and communicate) them unnecessarily.
> Automatically assigning com.ubuntu.developer domains would seem to
> sanest option and create the least work right now (as it avoids the
> possibility of reaching a problem that we need to clean-up and start
> enforcing).

But now you get back to the issue of having name collisions, which allowing the
developer to pick their own namespace, as on android, solves.

If you tie the application namespace to the developer username, you then can't
have the possibility of an application moving between developers without the
user losing all their settings.

For example, forcing com.ubuntu.developer.joeemployee.facebookapp instead of
allowing com.facebook.facebookapp means that when Joe Employee is no longer a
Facebook employee, the app can't be migrated to a new account without losing
user data.

I don't see why this is a problem for us, but isn't for other platforms.


> 
> IMHO, enabling people to choose com.google.whatever is only going to
> lead to pain later. It really is user-visible information at the
> moment, as per Jamie's Permy app - "Easily see the permissions of your
> apps with Permy. Includes viewing the policy vendor, policy version,
> template, groups, APP_ID, and more." which will help people decide
> whether they are comfortable with the permissions of an app.

Much like it is visible on Android, and as far as I know, they don't validate
namespaces on their platform either.

> 
> If users are viewing the domain name while making decisions about the
> security of an app, we either need to ensure they understand the
> namespace of the app is meaningless in that context, or verify the
> namespaces so that they can be trusted by users. Even with an updated
> Permy with the domain removed, I'm sure it'll be exposed in other apps
> in time - because it appears to be useful information (as long as devs
> communicate useful info through it).
> 
> And that's not even considering how we would clean up if it ever did
> become a problem that we needed to enforce.
> 

I can't think of a better alternative.

Marc.