Setting the verified developer tick in GNOME Software
Allan Day
aday at gnome.org
Mon Aug 13 10:13:58 UTC 2018
Owen Taylor <otaylor at redhat.com> wrote:
...
> * Does not have a backdoor inserted
> * Gets timely security updates
> * Is updated when a new stable release of the software is made
> * Has not been modified from the upstream in a way that introduces new bugs
> * Upstream will accept bug reports if you are using this package
> * Bundled dependencies have appropriate licensing
That's a good list.
> "accepted as an official build by the software author" is an interesting factor to take into account when picking between sources of the same application. But it's certainly not the only one. E.g., someone might prefer Debian built Flatpaks because they want to make sure that everything has been independently verified.
Does this imply a verification process that's independent of any
repository/hosting service, and covers all of them? I'm struggling to
imagine how it would work in practice.
> ... What if, instead, you had a single Inkscape icon, and when you went to the details page, some source was selected by default (perhaps the policy has site/system/user configurability), and then you could change that if you cared. (Perhaps the same interface for switching the source of installed applications as well.)
I agree that's a better experience than showing multiple apps in a
software centre, and it's the kind of UI we've wanted in GNOME's
Software app for a little while [1].
Allan
--
[1] https://raw.githubusercontent.com/gnome-design-team/gnome-mockups-software/master/wireframes/app-details.png
(see the source drop down in the header)
More information about the Flatpak
mailing list