Ubuntu App Review Board - Update and Planning for R cycle
Review ARB activity, and plan for the next cycle. Introducing new members.
* Some ideas from the App Developers Roundtable
* Require just one vote
* Currently it is 3 -- might be better to just have 2 reviews rather than "votes"
* Any Ubuntu developer as a first review
* Currently this is the ARB-contributors team
* Why not just add ubuntu-devel to the ARB-contributors team?
* "archive admin role" -- license check, sanity check from ARB member proper
* Archive admin in Ubuntu includes a lintian check -- do we have an ARB-Lintian profile? We have a work item for it already
* Relax copyright checking (check with the TB)
* We have some tooling but not ideal to validate the dep5 copyright format
* Ideal tool would let us white-list some licenses and have the tool scan the dep5 copyright file to make sure it lists every file under at least one of these licenses; failures can be looked at manually.
* Restrict code review strictly to security checks
* Limit how we can
* AppArmor profiles can help us here (e.g. even a bad app would be OK)
* Could we use autopkg test to verify that the app at least starts?
* Interestingly this provides a convenient way to inform how to write tests.
* Anything that can be automated is a good quality check that doesn't add time for us
* Integrate arb-lint into Quickly through proper Lintian checks
* Some other ideas
* Close the queue until it has been cleared out
* Review order should be FIFO among the unreviewed
* Among the reviewed it should be FIFO for most recent comment
* Forward-copy apps to the next release
* The current process is to ask them to refile the app for the queue; people whose app has taken months are more likely to drop out here.
* Desire: run app against the new automated checks, then forward copy it if it passes; warn them if otherwise.
* This needs to be a reliable test (but since we're supposed to have a reliable release pocket this should be ok when automated)
* Handling exception cases
* not good enough
* apparently malicious or dangerous
* needs system access
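
The license allow-list check described in the copyright-checking idea above, as an added example (not an ARB or Ubuntu tool): it parses the Files paragraphs of a DEP-5 copyright file and reports every file that is unlisted or whose license is not on the allow-list, so only those go to manual review. The `ALLOWED` set, the function names and the sample data are assumptions made for this illustration.

```python
import fnmatch
import re

# Assumed allow-list for illustration; the notes do not name specific licenses.
ALLOWED = {"GPL-2+", "GPL-3+", "MIT", "Expat", "Apache-2.0"}

def parse_dep5(text):
    """Return [(patterns, license_synopsis)] for each Files paragraph, in order."""
    stanzas = []
    for para in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in para.splitlines():
            if line[:1] in (" ", "\t") and key:        # continuation line
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, value = line.split(":", 1)
                key = key.strip().lower()
                fields[key] = value.strip()
        if "files" in fields:
            synopsis = fields.get("license", "").split("\n", 1)[0].strip()
            stanzas.append((fields["files"].split(), synopsis))
    return stanzas

def license_allowed(synopsis, allowed=ALLOWED):
    """'A or B' passes if either does; 'A and B' needs both (commas ignored)."""
    alternatives = re.split(r"\s+or\s+", synopsis.replace(",", " "))
    return any(all(part in allowed for part in re.split(r"\s+and\s+", alt.strip()))
               for alt in alternatives if alt.strip())

def check_tree(copyright_text, files, allowed=ALLOWED):
    """Return {path: reason} per file needing manual review (fnmatch approximates DEP-5 globs)."""
    stanzas, failures = parse_dep5(copyright_text), {}
    for path in files:
        matched = None
        for patterns, synopsis in stanzas:             # last matching paragraph wins
            if any(fnmatch.fnmatchcase(path, p) for p in patterns):
                matched = synopsis
        if matched is None:
            failures[path] = "not listed in any Files paragraph"
        elif not license_allowed(matched, allowed):
            failures[path] = f"license not on allow-list: {matched or '(none)'}"
    return failures

# Constructed sample input, not taken from any real package.
SAMPLE = ("Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/\n\n"
          "Files: src/*\nCopyright: 2012 A\nLicense: GPL-3+\n Full text here.\n\n"
          "Files: data/icons/*\nCopyright: 2011 B\nLicense: CC-BY-NC-3.0\n\n"
          "Files: lib/vendored/*\nCopyright: 2010 C\nLicense: MIT or Proprietary\n")
SAMPLE_FILES = ["src/main.py", "data/icons/app.png", "lib/vendored/x.py", "README"]

print(check_tree(SAMPLE, SAMPLE_FILES))
```

License synopses with exceptions (for example "with ... exception") are not on the allow-list by construction, so they fall through to manual review.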
New model proposal:
* Technical review - any Ubuntu developers
* Compliance review - the ARB
[allison] Draft a new App Review Board process proposal based on the technical review + compliance review model and submit it to the Technical Board and ubuntu-devel: DONE
[bhavi] Publicize the process changes and ask Ubuntu developers to review any old apps as first step: DONE
[dpm] Investigate the best way of having myapps handle first reviews from any Ubuntu developers (e.g. putting ubuntu-devel into the arb-contributors team): TODO
[ajmitch] Look at license-checking tools that are available besides licensecheck: TODO
[ajmitch] Investigate automated quality tests (e.g. autopkg test for starting the app without crash): TODO
[dpm] File a bug on MyApps to re-sort the ARB queue (persia had a good suggestion of how to sort); make a tool to re-sort ourselves if they won't: TODO
[ajmitch] Alternative queue view: TODO
[ajmitch] Investigate tooling to rerun tests on apps for next release, warn developers if new failure, forward-copy if otherwise: TODO