Blaming openrepos again? Are you serious?
Google search allow to search any rpm binary without source code
attached, download it and install, and some of found packages can be
untrusted. You can answer: what the **? Who cares about google? Of
course, we dont care if user did some actions for finding and
installing bad package to phone. But when we created good place for
storing packages with user comments, rating, repositories and great
native client, and we are not stupid, we know about existence
(*possible* existence) of malware, we keeping in mind future great
improvements for openrepos and so, then you going to be crazy. Why?
Because creator of openrepos is not you, because someone did this great
place, and its not you? Harbour and OBS restrictions are good? I dont
think so, but i dont want to force you to take my opinion. I'm using
openrepos and i am happy. But at the same time i am sad because of your
madness about openrepos existence.
Please stop this stupid openrepos blaming. If someone upload malware we
will ban it, post information everywhere. But in my opinion it will
never happen. We are NOT against FOSS, we are NOT malware/warez site.
Stop writing lies and speculation about openrepos.
On 04.02.2014 13:40, "Thomas B. Rücker" wrote:
My question has been lingering for a while. (
https://together.jolla.com/question/13605/visible-open-source-app-community-supported-by-jolla/
)
But during FOSDEM we had a Sailfish/Jolla Community Round-Table (
https://together.jolla.com/question/11303/are-you-going-to-fosdem-2014-irl-floss-meeting-in-belgium/?answer=13864#post-id-13864
). This topic was brought up and seems Sailors are committed to address
this with pushing forward towards a clean open source app repository
with community QA and easy on-device access after enabling developer mode.
This would provide something like Maemo Extras and would be community
QA'd to ensure the apps don't pose major problems when installed. On the
other hand it would provide an easy middle ground for apps that don't
fit into harbour for various reasons (API calls, dependencies, etc.).
It will be backed by an OBS project on Mer community OBS, which has
Sailfish targets. OBS has come a very long way since we've seen it
first. I've personally had several apps build out of the box by just
_clicking_:
* create package
* source provision through tar_git
If the app builds on a clean SDK, then it's highly likely to build out
of the box also on OBS.
You may now say "what about openrepos?". They have chosen to be a site
for one-click RPM hosting repositories with no QA. Despite their best
efforts this approach has led to significant problems. Also it does
binary only uploads and thus non-free/closed applications and no
traceable chain from source to binary.
That said, if the openrepos client (warehouse) passes community QA it
will for sure be included in the community repository. Thus allowing
users to install it easily, if they so wish. We're not hostile towards
it, it just doesn't offer the level of trust to be a viable avenue for a
default community repository.
This is a PERSONAL summary of MY recollection of the FOSDEM discussion
on this topic. I hope that Jolla will now finally back this up and we
will see Sailors working towards this.
For those who already want to get started, there is a SailfishOS target
on OBS and a community repository called "Chum" where applications will
be visible in the future.
https://build.merproject.org/project/subprojects?project=sailfishos
Cheers
Thomas
_______________________________________________
SailfishOS.org Devel mailing list
_______________________________________________
SailfishOS.org Devel mailing list
