Re: [SailfishDevel] FOSDEM Community follow-up - open source app community
Hello David and list members, I definitely like Open Source and Sailfish is a nice way IMHO to use desktop libraries in mobile world (I mean that someone coming from a desktop linux feels at home with Sailfish). I join you thinking that Sailfish needs a repo where packages are built from source (for auditability and so on). The point of this mail is to ask how can one help for this ? Selon David Greaves : > I don't think we need full automation of the checks yet - but I do think we > can > clearly state the boundaries: open source only; auditability; community QA... I've just registered as a user in Mer OBS. Do you think it is ready now to submit an open source app in sailfish chum 1.0.3.8 testing ? Sources are currently on github. > > If the app builds on a clean SDK, then it's highly likely to build out > > of the box also on OBS. This app is building fine in the SDK. > Good. We need more docs though. May I help here ? For instance : on the project page of sailfish chum 1.0.3.8 testing, it specifies that guidelines are in "tbr #sailfishos", it may be more explicit, I don't know what is it. > > For those who already want to get started, there is a SailfishOS target > > on OBS and a community repository called "Chum" where applications will > > be visible in the future. > > https://build.merproject.org/project/subprojects?project=sailfishos If it's not yet ready for packaging submitted project, how can I help to make things go on ? Thanks for building the infrastructure for Open Source around Sailfish. Have a nice day, Damien. ___ SailfishOS.org Devel mailing list
Re: [SailfishDevel] FOSDEM Community follow-up - open source app community
On 04/02/14 07:40, "Thomas B. Rücker" wrote: > My question has been lingering for a while. ( > https://together.jolla.com/question/13605/visible-open-source-app-community-supported-by-jolla/ > ) > > But during FOSDEM we had a Sailfish/Jolla Community Round-Table ( > https://together.jolla.com/question/11303/are-you-going-to-fosdem-2014-irl-floss-meeting-in-belgium/?answer=13864#post-id-13864 > ). This topic was brought up and seems Sailors are committed to address > this with pushing forward towards a clean open source app repository > with community QA and easy on-device access after enabling developer mode. That's my personal goal, yes. For those who don't know, I run the infra and OBS for Mer - I used to run the community OBS and other infra for MeeGo too. I am a sailor - but today I'm mailing as a community guy. I setup Chum as a place to build Jolla apps on an OBS. It just works. There is no fancy storefront or BOSS integration. We need that. I'd like to see some public docs on the Chum rules and governance so that we can reasonably expect Jolla to trust us to do a professional job. I know that they worry about reputation and customer experience. So do I. I don't think we need full automation of the checks yet - but I do think we can clearly state the boundaries: open source only; auditability; community QA... I'd like to see what our target is from a user perspective ... eg how do we make sure users can upgrade their devices. It's a technically difficult problem. We may well need to ask Jolla for hooks into SailfishOS ... but luckily we may also be able to write those hooks in Mer/Nemo and have Jolla just get them. I also recall that community QA was not terribly effective - I think this needs adressing. I used "Chum" as the repo title (it's the bloody fish guts you use to attract sharks!) - I'm not sure it's a good name but there are plenty of attacks :) > This would provide something like Maemo Extras and would be community > QA'd to ensure the apps don't pose major problems when installed. On the > other hand it would provide an easy middle ground for apps that don't > fit into harbour for various reasons (API calls, dependencies, etc.). Yes - I'd like to explore how we can add one or more library areas to devices for sets of shared libraries. Eg I use bullet physics engine in my 3D Dice game - I don't want to have to ship it. But how do we cope when bullet v3 comes out? > It will be backed by an OBS project on Mer community OBS, which has > Sailfish targets. OBS has come a very long way since we've seen it > first. I've personally had several apps build out of the box by just > _clicking_: > * create package > * source provision through tar_git > If the app builds on a clean SDK, then it's highly likely to build out > of the box also on OBS. Good. We need more docs though. > You may now say "what about openrepos?". They have chosen to be a site > for one-click RPM hosting repositories with no QA. Despite their best > efforts this approach has led to significant problems. Also it does > binary only uploads and thus non-free/closed applications and no > traceable chain from source to binary. > That said, if the openrepos client (warehouse) passes community QA it > will for sure be included in the community repository. Thus allowing > users to install it easily, if they so wish. We're not hostile towards > it, it just doesn't offer the level of trust to be a viable avenue for a > default community repository. I don't mind openrepos - there are plenty of places where users can go on the internet that expose them to greater or lesser degrees of risk. It's their choice. I would choose to be more restrictive than openrepos on what's allowed into the community store. I also think we have a slighly different focus - openrepos is literally a free-for-all. I hope Chum (or whatever) will have more of a "reliable quality for the user" goal. If/when warehouse gets onto community store I would like to be clear about what it provides as there would be a sense of it meeting the users expectation of quality/safety. > This is a PERSONAL summary of MY recollection of the FOSDEM discussion > on this topic. I hope that Jolla will now finally back this up and we > will see Sailors working towards this. Still community hat! I am of the opinion that Jolla do a lot for the community simply in how they operate. I think much of this is our job. We need to clearly ask for things and justify why they should be granted. Eg I think we should ask for a similar role as maemo extras - but we need to justify why we can be trusted to essentially grant root privileges to any app developer on any users jolla device. As for sailors working on this - I think we may like Jolla to grant them some company time to respond to these feature requests - but mainly how much time they spend on community things is down to them. Some sailors love openrepos approach; some love Mer OBS/Chum approach :) > For those who already wan
Re: [SailfishDevel] FOSDEM Community follow-up - open source app community
On Tue, Feb 4, 2014 at 8:07 PM, "Thomas B. Rücker" wrote: > Hi Andrey, > > On 02/04/2014 10:45 AM, Andrey Kozhevnikov wrote: > > Blaming openrepos again? Are you serious? > > > I would suggest to get back to a sensible discussion. There is no value > in ad-hominem attacks and insults, that just tends to disqualify the > person throwing them around. > > As you dragged out the topic of openrepos, let me offer some > clarification, also as other people might wonder where this came from. > Well, to be fair you started. :P Also the guys running ORN seems to be far better coders than the inbreds at Harbour, allowing Android apps WTF! At least ORN is 100% native apps and hopefully will never support any Android apps whatsoever. > > I am personally quite critical of openrepos for various reasons. > Foremost as it swings to the other end of the spectrum, offering no QA > and no verification as opposed to the rather strict submission process > of Harbour. Relying solely on ratings, comments, reputation. > They have recently reacted to my criticism and started introducing > changes/improvements. I applaud this. Still I am of the opinion that the > underlying concept is not well suited for wider adoption. The > intricacies do not fall under this topic, but I'll be happy to discuss > them elsewhere. > Last time I checked, I was living in a country where I am free to voice > my opinion and I intend to continue to do so. > > On the other hand I'd like to point out that my initial mail in this > thread was attempting to summarize a *community* *round-table*, which > took place during FOSDEM and was attended by about 25 people. > Many people weighed in and arguments were made for *both* sides. In the > end the consensus was that openrepos is not suitable for a pure open > source app development community repository. > > I'd appreciate if we could now let this sub-thread rest and get back to > the really urgent topic, that is figuring out how Jolla can support the > nascent open source app community around Sailfish. > > I'm not against using OBS but for me it's more of a trust issue. If I trust a package maintainer I don't give a rats ass about if the package is built with OBS or SDK. In the end it'll be the exact same binary anyway. If ORN adds support for voting on users and not only on packages I'll be perfectly fine with that. Waiting for Jolla to support the community could take a while ... also BS (main ORN dev) has said already that he's willing to add support for OBS in Warehouse if needed. No need to badmouth each other as both systems can coexist just fine and ORN is definitely not going anywhere but up from here. And hopefully the Sailfish OBS too. Greets Jens ___ SailfishOS.org Devel mailing list
Re: [SailfishDevel] FOSDEM Community follow-up - open source app community
Hi Andrey, On 02/04/2014 10:45 AM, Andrey Kozhevnikov wrote: > Blaming openrepos again? Are you serious? I would suggest to get back to a sensible discussion. There is no value in ad-hominem attacks and insults, that just tends to disqualify the person throwing them around. As you dragged out the topic of openrepos, let me offer some clarification, also as other people might wonder where this came from. I am personally quite critical of openrepos for various reasons. Foremost as it swings to the other end of the spectrum, offering no QA and no verification as opposed to the rather strict submission process of Harbour. Relying solely on ratings, comments, reputation. They have recently reacted to my criticism and started introducing changes/improvements. I applaud this. Still I am of the opinion that the underlying concept is not well suited for wider adoption. The intricacies do not fall under this topic, but I'll be happy to discuss them elsewhere. Last time I checked, I was living in a country where I am free to voice my opinion and I intend to continue to do so. On the other hand I'd like to point out that my initial mail in this thread was attempting to summarize a *community* *round-table*, which took place during FOSDEM and was attended by about 25 people. Many people weighed in and arguments were made for *both* sides. In the end the consensus was that openrepos is not suitable for a pure open source app development community repository. I'd appreciate if we could now let this sub-thread rest and get back to the really urgent topic, that is figuring out how Jolla can support the nascent open source app community around Sailfish. Best regards Thomas ___ SailfishOS.org Devel mailing list
Re: [SailfishDevel] FOSDEM Community follow-up - open source app community
Hi Andrey: W dniu 04.02.2014 11:45, Andrey Kozhevnikov pisze: Blaming openrepos again? Are you serious? Thomas isn't blaming openrepos. He only proposes an alternative for hosting _open_ _source_ projects that don't fit into the Harbour. Google search allow to search any rpm binary without source code attached, download it and install, and some of found packages can be untrusted. You can answer: what the **? Who cares about google? Of course, we dont care if user did some actions for finding and installing bad package to phone. But when we created good place for storing packages with user comments, rating, repositories and great native client, and we are not stupid, we know about existence (*possible* existence) of malware, we keeping in mind future great improvements for openrepos and so, then you going to be crazy. Why? I think no one is going crazy here - I believe that using Chum won't hurt Openrepos. Openrepos will still exist and work. Anyway it's good to hear there are improvements planed to Openrepos! Because creator of openrepos is not you, because someone did this great place, and its not you? Well the thing Thomas is proposing isn't his own idea, actually Chum stuff comes from one of the sailors - lbt (David Greaves). Harbour and OBS restrictions are good? I dont think so, but i dont want to force you to take my opinion. I'm using openrepos and i am happy. But at the same time i am sad because of your madness about openrepos existence. Nobody is mad - I was on FOSDEM and on the round table and I haven't seen any madness from anyone, instead interesting discussion regarding topics such as security for example. Please stop this stupid openrepos blaming. If someone upload malware we will ban it, post information everywhere. But in my opinion it will never happen. We are NOT against FOSS, we are NOT malware/warez site. Stop writing lies and speculation about openrepos. Well nobody said that Openrepos is against FOSS - I'd recommend you to calm down and read his post once again. Accusing someone of lies won't help the discussion. Instead I would rather look forward hearing from you what are the plans for developement/improvements of Openrepos. Let's focus on positive sides of both solutions. Regards, Filip ___ SailfishOS.org Devel mailing list
Re: [SailfishDevel] FOSDEM Community follow-up - open source app community
Blaming openrepos again? Are you serious? Google search allow to search any rpm binary without source code attached, download it and install, and some of found packages can be untrusted. You can answer: what the **? Who cares about google? Of course, we dont care if user did some actions for finding and installing bad package to phone. But when we created good place for storing packages with user comments, rating, repositories and great native client, and we are not stupid, we know about existence (*possible* existence) of malware, we keeping in mind future great improvements for openrepos and so, then you going to be crazy. Why? Because creator of openrepos is not you, because someone did this great place, and its not you? Harbour and OBS restrictions are good? I dont think so, but i dont want to force you to take my opinion. I'm using openrepos and i am happy. But at the same time i am sad because of your madness about openrepos existence. Please stop this stupid openrepos blaming. If someone upload malware we will ban it, post information everywhere. But in my opinion it will never happen. We are NOT against FOSS, we are NOT malware/warez site. Stop writing lies and speculation about openrepos. On 04.02.2014 13:40, "Thomas B. Rücker" wrote: My question has been lingering for a while. ( https://together.jolla.com/question/13605/visible-open-source-app-community-supported-by-jolla/ ) But during FOSDEM we had a Sailfish/Jolla Community Round-Table ( https://together.jolla.com/question/11303/are-you-going-to-fosdem-2014-irl-floss-meeting-in-belgium/?answer=13864#post-id-13864 ). This topic was brought up and seems Sailors are committed to address this with pushing forward towards a clean open source app repository with community QA and easy on-device access after enabling developer mode. This would provide something like Maemo Extras and would be community QA'd to ensure the apps don't pose major problems when installed. On the other hand it would provide an easy middle ground for apps that don't fit into harbour for various reasons (API calls, dependencies, etc.). It will be backed by an OBS project on Mer community OBS, which has Sailfish targets. OBS has come a very long way since we've seen it first. I've personally had several apps build out of the box by just _clicking_: * create package * source provision through tar_git If the app builds on a clean SDK, then it's highly likely to build out of the box also on OBS. You may now say "what about openrepos?". They have chosen to be a site for one-click RPM hosting repositories with no QA. Despite their best efforts this approach has led to significant problems. Also it does binary only uploads and thus non-free/closed applications and no traceable chain from source to binary. That said, if the openrepos client (warehouse) passes community QA it will for sure be included in the community repository. Thus allowing users to install it easily, if they so wish. We're not hostile towards it, it just doesn't offer the level of trust to be a viable avenue for a default community repository. This is a PERSONAL summary of MY recollection of the FOSDEM discussion on this topic. I hope that Jolla will now finally back this up and we will see Sailors working towards this. For those who already want to get started, there is a SailfishOS target on OBS and a community repository called "Chum" where applications will be visible in the future. https://build.merproject.org/project/subprojects?project=sailfishos Cheers Thomas ___ SailfishOS.org Devel mailing list ___ SailfishOS.org Devel mailing list
[SailfishDevel] FOSDEM Community follow-up - open source app community
My question has been lingering for a while. ( https://together.jolla.com/question/13605/visible-open-source-app-community-supported-by-jolla/ ) But during FOSDEM we had a Sailfish/Jolla Community Round-Table ( https://together.jolla.com/question/11303/are-you-going-to-fosdem-2014-irl-floss-meeting-in-belgium/?answer=13864#post-id-13864 ). This topic was brought up and seems Sailors are committed to address this with pushing forward towards a clean open source app repository with community QA and easy on-device access after enabling developer mode. This would provide something like Maemo Extras and would be community QA'd to ensure the apps don't pose major problems when installed. On the other hand it would provide an easy middle ground for apps that don't fit into harbour for various reasons (API calls, dependencies, etc.). It will be backed by an OBS project on Mer community OBS, which has Sailfish targets. OBS has come a very long way since we've seen it first. I've personally had several apps build out of the box by just _clicking_: * create package * source provision through tar_git If the app builds on a clean SDK, then it's highly likely to build out of the box also on OBS. You may now say "what about openrepos?". They have chosen to be a site for one-click RPM hosting repositories with no QA. Despite their best efforts this approach has led to significant problems. Also it does binary only uploads and thus non-free/closed applications and no traceable chain from source to binary. That said, if the openrepos client (warehouse) passes community QA it will for sure be included in the community repository. Thus allowing users to install it easily, if they so wish. We're not hostile towards it, it just doesn't offer the level of trust to be a viable avenue for a default community repository. This is a PERSONAL summary of MY recollection of the FOSDEM discussion on this topic. I hope that Jolla will now finally back this up and we will see Sailors working towards this. For those who already want to get started, there is a SailfishOS target on OBS and a community repository called "Chum" where applications will be visible in the future. https://build.merproject.org/project/subprojects?project=sailfishos Cheers Thomas ___ SailfishOS.org Devel mailing list
