Feeds

Ubuntu devs to get 15-min code review, full SDK love – Canonical

Faster, smoother, sandboxier

Mobile application security vulnerability report

Changes in Ubuntu will speed up the process of building apps and getting them approved for Software Center - but they could leave you more tied into the Linux distro’s software development kit (SDK).

Canonical has said it is changing the way packages – another name for the apps that make the basic operating system interesting – are developed, downloaded and managed by penguins.

The company is also rolling out further sandboxing to contain naughty third-party apps and rogue code and to streamline the process for getting packages approved for download from the Ubuntu Software Center.

For better or worse, though, it sounds like you’ll have to use the Ubuntu SDK instead of cross-platform widget toolkits such as GTK or QT – hard luck for those of you who love your GIMP.

Ubuntu community manager Jono Bacon here revealed future versions of Ubuntu will feature something called "click packages" – a means of automatically wrapping up your project’s code simply by pressing a button available inside the Ubuntu SDK.

It seems the click packages will be used instead of the Debian packaging format – .deb – used primarily for building the operating system.

The maintenance of Ubuntu packages is being turned into an online service, too, according to Bacon, and click packages won’t include full dependency resolution.

Currently, packages are synched when you update using apt-get that checks back with the Ubuntu archive. Obviously the more packages, the more complicated and slower it is to identify and solve dependency conflicts.

From now on, all dependency will be on the Ubuntu SDK. “With a click package the software simply depends on the Ubuntu SDK. This means we don’t need to worry about all that complex dependency resolution: we know the dependency, the Ubuntu SDK,” Bacon said.

Further, information on those dependencies between different modules will be served and stored as a web service. “Instead of maintaining a list of packages on the system… they are on a web service. You need a connection to download the package anyway, so why not ask a service which packages are available?" Bacon wrote.

Full sandboxing is also being used to help simplify the process for developers uploading and updating their applications in the Ubuntu Software Center. Sandboxing is already provided in the Linux kernel and is on by default from Ubuntu 7.10 onwards using AppArmour.

According to Bacon, sandboxing will mitigate the need for a full code review of apps trying to get into the Ubuntu Software Center. This review process had been something of a bottleneck with the manual process swamped by new packages and new versions of existing packages that had to be individually vetted for clearance.

“This, combined with click packages not having maintainer scripts and complex dependency chains, makes reviews much easier and more efficient,” Bacon said. He promised review in less than 15 minutes, down from “multi-day” code reviews.

Click packaging and sandboxing is “largely complete” but the work on the latter is unlikely to appear until after the introduction of new display server Mir, Canonical’s replacement for the X Window graphic system currently used in Ubuntu. Bacon said Canonical is not investing in fixing keyboard sniffing in X.

Rather, the goal is for full implementation of Mir in Ubuntu 13.10, which will arrive in October this year – though there will be support for X if there are no Mir drivers – and for a default Mir stack by the 14.10 distro release in October next year.

You can get more technical detail on the Ubuntu website. ®

The Power of One Infographic

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
KDE releases ice-cream coloured Plasma 5 just in time for summer
Melty but refreshing - popular rival to Mint's Cinnamon's still a work in progress
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.