Wednesday, December 21, 2011

Announcing AppRepo

So, 4 years after my old post about this, I finally implemented it somewhere.

Introducing the new, shiny, http://apprepo.kagesenshi.org :D

So what is the project? In essence it's nothing much, just a website which lists applications for Fedora, allows user feedback and rating, and makes it easier for users to discover applications in Fedora. It is basically yet-another-appmarket/appstore, but focused on Fedora packages.

We already have the PackageKit Add/Remove Software tool, why bother?

The problem is the package approach. To the end user, the concept of packages is foreign and scary. The cryptic names of packages and the listing of non-application packages simply overwhelm them.

It is also difficult to discover interesting applications in a package management tool. Unless you know what you are looking for, it's very easy to get lost in the vast gallery of library packages, data packages, meta packages, and application packages in the repository.

As the repository grows, it also takes longer and gets harder to search and discover new apps. I used to browse the repo once every release back in the old days to see if there's anything new, but now there are way too many packages to browse through.

Why now?


It's now or never. The rise of iOS and Android has also given rise to the AppStore/AppMarket concept, where users can easily discover new interesting applications from the market. Users are getting more familiar with it and have started to expect it from other platforms too.

Ubuntu has had a similar tool called the Ubuntu Software Center for a while now, but Fedora has yet to have a viable alternative (at least none that I'm aware of).

Why web application?

Primarily it is laziness on my side. Lots of the components I need for this are already available in Plone, so I might as well just use it rather than reinventing stuff.

With HTML5 and browsers getting more powerful, imo it makes sense to just utilize the capability.

I also want to integrate the social aspect into the AppRepo, and a web app is easier for that.

I want to help out!

If you want to help on the coding side, check out the little guide to deploying this site locally on the about page: http://apprepo.kagesenshi.org/about. Nicer UI designs are most welcome. Another way you can help out is to populate the site with more applications.

Gotchas


I noticed one insecurity with the browser plugin flow, not in the plugin itself. It never asked for my confirmation with a list of packages to be installed; it only asked for the root password, and that is a security problem imo. Confirmation should be done on the local side, as it's possible for the website to hide the list of packages to be installed from the user. Filed a bug on that: #769508


Another gotcha is that the PackageKit plugin only installs one package at a time, which is not nice from an application point of view, as an application or an application addon might consist of multiple packages before it becomes useful. E.g. "Empathy" is an application in a single package, but "LibreOffice" is an application which consists of multiple packages to get the full set. Another possibility is "Additional protocol support for Empathy", which is an application addon group that has several packages. Filed a ticket on that too: #769510

I wonder how much less secure a gnome-shell-like plugin that provides a JavaScript function to install packages only from the installed, signed repositories would be compared to the current plugin. Even with the current plugin, it is easy to phish for a click. For security reasons, the installation confirmation imo should be in the form of a local PackageKit window that lists the things that are to be installed and which site requested them, and asks for the root password. A trusted list of sites that are allowed access to the JS function is another option.
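
The local confirmation step argued for above, modelled as an added sketch that is not part of the original post and is not PackageKit code: the requesting origin is checked against a trusted list, every requested name is resolved against signed repositories, and the prompt text is built only from that local data. The package table, the allowlist contents and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample data: package name -> enabled, signed repository.
SIGNED_REPO_PACKAGES = {"empathy": "fedora", "libreoffice-writer": "fedora",
                        "libreoffice-calc": "updates"}
# Hypothetical allowlist of origins permitted to call the install function.
TRUSTED_ORIGINS = {"http://apprepo.kagesenshi.org"}

class InstallRejected(Exception):
    """A web-initiated install request that must never reach the prompt."""

@dataclass(frozen=True)
class ConfirmationPrompt:
    origin: str
    packages: tuple  # (name, repo) pairs resolved locally

def origin_of(url):
    """Reduce a page URL to scheme://host[:port]; path and userinfo are dropped."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise InstallRejected("unsupported or malformed requesting URL")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{parts.hostname.lower()}{port}"

def build_prompt(page_url, requested_names):
    """Validate a request and return exactly what the local window must show."""
    origin = origin_of(page_url)
    if origin not in TRUSTED_ORIGINS:
        raise InstallRejected(f"origin not in trusted list: {origin}")
    if not requested_names:
        raise InstallRejected("empty package list")
    resolved = []
    for name in sorted(set(requested_names)):
        repo = SIGNED_REPO_PACKAGES.get(name)
        if repo is None:
            raise InstallRejected(f"not in a signed repository: {name}")
        resolved.append((name, repo))
    return ConfirmationPrompt(origin, tuple(resolved))

def render(prompt):
    """Prompt text built only from locally resolved data, never page labels."""
    lines = [f"{prompt.origin} wants to install:"]
    lines += [f"  {name} (from {repo})" for name, repo in prompt.packages]
    lines.append("Enter the root password to continue, or cancel.")
    return "\n".join(lines)
```

Because the whole resolved list goes into one prompt, a multi-package application such as the LibreOffice set is confirmed in a single step rather than one package at a time.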