openSUSE BuildService Integration
As you know KDE-Apps.org and openDesktop.org are repositories for KDE application. At the moment over 3600 KDE applications are listed on KDE-Apps.org.
You can search applications and rate them, add comments, become a fan of an applications subscribe to an application to get notifications about updates or use the integrated knowledge base system for the apps.
The problem starts if you want to download an app. Most apps are only available as source file or binaries for one or two distributions. It is a lot of work for the developers of the applications to compile and package the apps for every distribution.
So an end users can´t download an interesting KDE application from KDE-Apps.org most of the time and has to use the distribution package manager. But not all distributions provide all the available apps and not always in the most current version.
As you know the openSUSE build service is a great service for developers to automatically build and package software for most Linux distributions and even for Mac and Windows in the future.
Since over a year I talk with our friends from Novell about a possible integration of the Buildservice with KDE-Apps.org and openDesktop.org.
Today I can announce that the first step is finally done.
You can add your buildservice project and package id to your application on openDesktop.org and all the available packages for the different distributions automatically show up on the application page. I think this a good first step to help our users to get our great software and also make the life of the developers easier.
This is not the end of the road of course. Soon you will be able to upload you application directly from Qt-Create or KDevelop to KDE-Apps.org and the openSUSE Buildservice. The application will be build for all supported platforms and our users can download the apps via the KDE-Apps.org website or GHNS.
I´m really exited about this improvement.
What do you think?
Security:
In the last few days an old discussion about the security of third party packages for Linux heated up again. The problem is that we don´t have a good signing, sandboxing oder other security system for binary packages in Linux. Solutions as AppAmor or SELinux are not used at the important places. So it is a risk for the user to install packages from third party webites. You never know what you get and if the package is safe.
This is not a specific problem of the openDesktop.org sites. It is the same situation for packages from the openSUSE Buildservice, from Sourceforge, Freshmeat, Ubuntu PPAs or any other place.
So the question is what can we do to improve the situation. Markey already blogged about a suggestion for Amarok plugins. Having everything in a central repository is a good idea for Amarok but I´m not sure if this works for all kind of packages.
I will organize a BOF session at Camp KDE in January to discuss this problems with everybody who is interested. I´m sure we can come up with good solutions to fix this security problems.
Everybody is invited to join the discussion.
User registrations:
A few days ago we reached a new record of registered contributors. At the moment over 150,000 users are registered on the openDesktop.org site. This are all people who are contributors. User who are only interested in reading and downloading stuff don´t have to register. This is really impressive, expecially because we have 100 to 150 new registration every days.