Feeds

Ubuntu devs to get 15-min code review, full SDK love – Canonical

Faster, smoother, sandboxier

High performance access to file storage

Changes in Ubuntu will speed up the process of building apps and getting them approved for Software Center - but they could leave you more tied into the Linux distro’s software development kit (SDK).

Canonical has said it is changing the way packages – another name for the apps that make the basic operating system interesting – are developed, downloaded and managed by penguins.

The company is also rolling out further sandboxing to contain naughty third-party apps and rogue code and to streamline the process for getting packages approved for download from the Ubuntu Software Center.

For better or worse, though, it sounds like you’ll have to use the Ubuntu SDK instead of cross-platform widget toolkits such as GTK or QT – hard luck for those of you who love your GIMP.

Ubuntu community manager Jono Bacon here revealed future versions of Ubuntu will feature something called "click packages" – a means of automatically wrapping up your project’s code simply by pressing a button available inside the Ubuntu SDK.

It seems the click packages will be used instead of the Debian packaging format – .deb – used primarily for building the operating system.

The maintenance of Ubuntu packages is being turned into an online service, too, according to Bacon, and click packages won’t include full dependency resolution.

Currently, packages are synched when you update using apt-get that checks back with the Ubuntu archive. Obviously the more packages, the more complicated and slower it is to identify and solve dependency conflicts.

From now on, all dependency will be on the Ubuntu SDK. “With a click package the software simply depends on the Ubuntu SDK. This means we don’t need to worry about all that complex dependency resolution: we know the dependency, the Ubuntu SDK,” Bacon said.

Further, information on those dependencies between different modules will be served and stored as a web service. “Instead of maintaining a list of packages on the system… they are on a web service. You need a connection to download the package anyway, so why not ask a service which packages are available?" Bacon wrote.

Full sandboxing is also being used to help simplify the process for developers uploading and updating their applications in the Ubuntu Software Center. Sandboxing is already provided in the Linux kernel and is on by default from Ubuntu 7.10 onwards using AppArmour.

According to Bacon, sandboxing will mitigate the need for a full code review of apps trying to get into the Ubuntu Software Center. This review process had been something of a bottleneck with the manual process swamped by new packages and new versions of existing packages that had to be individually vetted for clearance.

“This, combined with click packages not having maintainer scripts and complex dependency chains, makes reviews much easier and more efficient,” Bacon said. He promised review in less than 15 minutes, down from “multi-day” code reviews.

Click packaging and sandboxing is “largely complete” but the work on the latter is unlikely to appear until after the introduction of new display server Mir, Canonical’s replacement for the X Window graphic system currently used in Ubuntu. Bacon said Canonical is not investing in fixing keyboard sniffing in X.

Rather, the goal is for full implementation of Mir in Ubuntu 13.10, which will arrive in October this year – though there will be support for X if there are no Mir drivers – and for a default Mir stack by the 14.10 distro release in October next year.

You can get more technical detail on the Ubuntu website. ®

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.