Application curation?

Just randomly opening this topic, following some thoughts and ideas that appeared in various recent discussions.

(The big issue behind this is of course “who would do it”, since it implies a lot of human work, but essentially just trying to gather thoughts about this)

We currently have a level system to control the technical quality of the app, and this is great! Yet, this doesn’t tell much about the “ethicality” or “spirit” of the application itself. This is to be compared to the kind of thing that the F-Droid repository does: when you install an app which, for instance, relies on or promotes proprietary services, you get a warning that “you might not be happy about some features”.

In the context of YunoHost apps, it would be nice to have some human-reviewing checking for the following kind of stuff:

  • legal stuff: licence of the app, trademark?, … This relates to the recent discussion about including non-free apps in the community.json list. (In fact it turns out that we do have already some non-free apps in the list, I believe). More subtle stuff related to trademark which make the status of some supposedly “free” apps, but trademark breaks freedom n°0.
  • reliance or promotion of third party proprietary / unethical services: we’ve seen a few apps (I think strut?) in fact including Google Analytics or Google Fonts in their code …
  • respect of the spirit of YunoHost: by this I refer to some apps like glowing_bear, which are nice and everything, but (in the case of glowing_bear) doesn’t install weechat. So in fact you need to run a few technical steps by yourself, and basically the app ain’t working “out of the box”.
  • reasonable use of resources / ecological cost?: dunno about this, but I regularly think about the infamous Sympa using 500M of RAM doing nothing … but that’s kinda arbitrary.
  • … to be completed … not sure what’s the limit. Probably having a deeper look at what F-Droid people do would be nice.

That’s indeed interesting. Don’t know how we could actually do those checks.
But I think that’s already a good idea to bring that up.

Good idea
Personally I think that it is something that can be asked to packagers (perhaps in the manifest or readme or else). After all:

  • they are the ones who know the app best
  • the ‘cost of entry’ to package an app is already quite high in terms of learning and documentation, so adding a few extra things to the manifest or readme won’t make such a difference
  • they have at least some knowledge of YunoHost and its philosophy

I think it would be easiest for this to just be declarative. For my apps, I can say whether they are light or not, free or not, shady or not.
The philosophy thing might be trickier, but it could be solved by a short ‘survey’ like in popular press magazines. “Is your app free software? Yes/no” “does it help building a decentralized web? Yes/no” (or a scale from 1 to 3 or 5). Then you sum the points and this declarative score is the “philosophy match”

Auditing this externally would require too many resources… Especially for apps the auditors don’t know. As the code is on git anyway, everyone is still free to review anyone’s code and contest (in the form of an open ticket) if they believe there are inconsistencies.