Setting the verified developer tick in GNOME Software

Allan Day aday at gnome.org
Mon Aug 13 10:13:58 UTC 2018


Owen Taylor <otaylor at redhat.com> wrote:
...
>  * Does not have a backdoor inserted
>  * Gets timely security updates
>  * Is updated when a new stable release of the software is made
>  * Has not been modified from the upstream in a way that introduces new bugs
>  * Upstream will accept bug reports if you are using this package
>  * Bundled dependencies have appropriate licensing

That's a good list.

> "accepted as an official build by the software author" is an interesting factor to take into account when picking between sources of the same application. But it's certainly not the only one. E.g., someone might prefer Debian built Flatpaks because they want to make sure that everything has been independently verified.

Does this imply a verification process that's independent of any
repository/hosting service, and covers all of them? I'm struggling to
imagine how it would work in practice.

> ... What if, instead, you had a single Inkscape icon, and when you went to the details page, some source was selected by default (perhaps the policy has site/system/user configurability), and then you could change that if you cared. (Perhaps the same interface for switching the source of installed applications as well.)

I agree that's a better experience than showing multiple apps in a
software centre, and it's the kind of UI we've wanted in GNOME's
Software app for a little while [1].

Allan
-- 
[1] https://raw.githubusercontent.com/gnome-design-team/gnome-mockups-software/master/wireframes/app-details.png
(see the source drop down in the header)

