Hi all, I spent some time this week reviewing a charm, and have some questions about some of the Charm Store Policy requirements. I want to make sure I understand these requirements well enough to explain them to people who's charms I review, and to be able to give them direction on how they can bring their charms in line with the policy. I also want to make sure that if someone else reviews the same charm I review they come to the same conclusions as I do. Some of these have been discussed some already on #juju@freenode, but it was suggested I post them here too; I would appreciate any thoughts you have on this!
"Must follow the spirit of the Ubuntu Philosophy." As applied to a charm I think this essentially boils down to the charm only containing free and open source software, and not doing anything nefarious. But, it should be acceptable for a charm to install non-free software from a location outside of the charm itself, as long it's clear up front, right? "Must also be valid for the charm and/or bundle format defined in Juju's documentation." I think this means that to be in the charm store, the software needs to be a charm or a bundle - not just some arbitrary piece of code like you can stick in a bzr repo. Is that right? "Should make use of AppArmor to increase security." I read this is a recommendation, not a requirement, because of the "should". However, it's not clear what the intent is. It would be nice if there was guidance we could point to here on how charms should deal with apparmor. I think it's usually handled by packaging, and a charm shouldn't need to deal with it if it is. Are there cases where a charm does need to do something with apparmor, even if the package does? When developing a charm for software without apparmor enabled packaging, what are the recommendations? "Must include tests for trusty series and any series afterwards. Testing is defined as unit tests, functional tests, or integration tests." Does "any series" mean any LTS or does it include non LTS releases too? Is this saying that if tests are included, they must support Trusty and future releases? Or is it ok to leave tests out altogether? If tests are required, is there a minimum standard of coverage? Is verifying the service is pingable after deploying it enough, or does it need to exercise features? Thanks, Jason -- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
