Re: How about creating addons.gnome.org



On Sun, Aug 8, 2010 at 5:10 PM, Juanjo Marin <juanjomarin96 yahoo es> wrote:
> On Sun, 2010-08-08 at 15:28 +0200, Johannes Schmid wrote:
>> Hi!
>>
>> > Also, there should be a clear distinction whether an addon is Gnome
>> > approved (meaning it is reviewed, translated, probably hosted in the
>> > gnome git somewhere) or the work of a freelance dev. Distributions are
>> > welcome to keep  packaging  any of the addons, as they do now, but
>> > normally the maintainer's cost of distributing 100 or more addons
>> > would be too high (in my opinion). In this sense, I would love to have
>> > an easy way of installing add-ons that does not require you to copy
>> > files to some hidden directories. We should have a command line
>> > gnome-addon install add-on-name, which will download and install the
>> > add-on. That would be really neat in my opinion.
>>
>> While I would rather vote for a more complete "GNOME Appstore" solution
>> in the far future (possibly based on OpenSuSE build service), some
>> points to note:
>
> I think the addons.gnome.org could be a first step for this. Another step on
> this direction could be to revamping the GNOME Software Map (there is a
> recent theat suggesting this on the marketing-list) and gnome tv.
>
> [1] http://mail.gnome.org/archives/marketing-list/2010-August/msg00007.html
>
>> * This will only work for scripted plugins Python, Javascript, Ruby
>> * All compiled languages will suffer depedency problems
>> * It would mean that we install executable things into the user's home
>> directory. Some admins might not like this though of course mozilla does
>> the same. Security is an important point here.
>>
>> It is also a rather huge maintaince burden to check that the plugin
>> works with the installed version of an application.
>
> Yes, there are some technical open issues and resources problems to
> solve.
>

An additional requirement is to vet whenever a new version of a addon
is available
so that no trojan horse is introduced.
Mozilla (addons.mozilla.org) already has this requirement and it takes
up to a week
for the new version of your add-on to get vetted.
Mozilla developed a sort of CMS that helps the process and checks for
'dangerous' functions, etc.
The recent Sniff addon for Firefox that had the trojan horse did not
fail the vetting;
the addon was in the sandbox, a level before getting vetted.

Overall, addons.gnome.org is a great idea for 'scripted addons', such
as for Nautilus
and GIMP scripts.
It will take effort, but the result will make GNOME look even better.

Simos


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]