Ubuntu App Review Board - Update and Planning for R cycle

Registered by Bhavani Shankar

Review ARB activity, and plan for the next cycle. Introducing new members.

Blueprint information

Not started
Jono Bacon
Bhavani Shankar
Application Review Board
Series goal:
Accepted for raring
Milestone target:

Related branches



Streamlining reviews
 * Some ideas from the App Developers Roundtable
   * Require just one vote
     * Currently is 3 -- might be better to just have 2 reviews rather than "votes"
       * Any ubuntu developer as a first review
         * Currently this is ARB-contributors team
           * why not just add ubuntu-devel to ARB-contributors team?
       * "archive admin role" -- license check, sanity check from ARB member proper
         * Archive admin in Ubuntu includes a lintian check -- do we have an ARB-Lintian profile? We have a work item for it already
   * Relax copyright checking (check with the TB)
     * We have some tooling but not ideal to validate the dep5 copyright format
       * Ideal tool would let us white-list some licenses and have the tool scan the dep5 copyright file to make sure it lists every file under at least one of these licenses; failures can be looked at manually.
   * Restrict code review strictly to security checks
     * Limit how we can
     * AppArmor profiles can help us here (eg even a bad app would be ok)
       * Could we use autopkg test to verify that app at least starts?
         * Interestingly this provides a convenient way to inform how to write tests.
     * Anything that can be automated is a good quality check that doesn't add time for us
   * Integrate arb-lint into Quickly through proper Lintian checks

 * Some other ideas
   * Close the queue until it has been cleared out
     * Review order should be FIFO imong the unreviewed
       * Among the reviewed it should be FIFO for most recent comment
   * Forward-copy apps to the next release
     * Current process is to ask them to refile the app for queue, people who've had their app take months are more likely to drop out here.
     * Desire: run app against the new automated checks, then forward copy it if it passes; warn them if otherwise.
       * This needs to be a reliable test (but since we're supposed to have a reliable release pocket this should be ok when automated)

 * Handling exception cases
   * not good enough
   * apparently malicious or dangerous
   * needs system access

New model proposal:
 * Technical review - any Ubuntu developers
 * Compliance review - the ARB


Work Items

Work items:
[allison] Draft a new App Review Board process proposal based on the technical review + compliance review model and submit it to the Technical Board and ubuntu-devel: DONE
[bhavi] Publicize the process changes and ask Ubuntu developers to review any old apps as first step: DONE
[dpm] Investigate best way of having myapps handle first reviews from any ubuntu developers (eg putting ubuntu-devel into arb-contributors team): TODO
[ajmitch] Look at license-checking tools that are available besides licensecheck: TODO
[ajmitch] Investigate automated quality tests (eg autopkg test for starting the app without crash): TODO
[dpm] File a bug on MyApps to resort the ARB queue (persia had a good suggestion of how to sort); make a tool to resort ourselves if they won't: TODO
[ajmitch] Alternative queue view: TODO
[ajmitch] Investigate tooling to rerun tests on apps for next release, warn developers if new failure, forward-copy if otherwise: TODO

This blueprint contains Public information 
Everyone can see this information.