App Certification for NethServer 8

Feature
1

Hi folks

We need to organize the apps currently present in the software center.

If an administrator wants to install an app, they must be clear about who created it and how robust it is, certified by others.

At the moment there is no clear path for certification, and I would like to create an howto to clarify the matter a bit :slight_smile:

Characteristics/Requirements for an app to belong to one of the three categories:

  1. Official: Supported\Created and certified by Nethesis.
  2. Certified: Supported\Created by others but certified by Nethesis.
  3. Community: Supported\Created and certified by the community.

Software Center Checklist

Certification requirements valid for all to enter the Software Center - in NethForge/Default/Subscription repository:

  • Does not break anything.
  • Does not crash during usage.
  • LDAP integration (if possible).
  • Optional backup/restore, but if included, must work well.
  • Functional clone/move.
  • Functional update management.
  • Translation support.
  • In the About page:
    • Contact information for the supporting company/person (name, website, email).
    • Links to the original project and appā€™s source repository.
    • Link to the manual/documentation page.
    • Clarification on support duration, update management, and upstream upgrade (update frequency, major release).

App Info page

The App Info page of each app in the software center should display:

  • The list of certified requirements.
  • The certifier (Nethesis, another company, or entity).
  • Author.
  • Version date.
  • [Number of installations / Rating].

Staging (Level 0) :test_tube: :

Apps created by the community and residing in authorsā€™ personal repositories:

  • Not required to meet the Software Center Checklist.
  • Each app generally has a reference discussion in the App category.
  • These apps remain outside the Software Center; we assume no responsibility for their functioning.
  • Level 0 because it has no entry barrier; creating a new topic and providing installation information is sufficient.

Community (Level 1) :people_holding_hands:

Apps produced by the community and authorized to enter NethForge. Itā€™s a sort of community self-certification with minimum requirements:

Must meet the Software Center Checklist.

  • Tested and certified by (at least 2-3?) community members.
  • Support from the app creator in the community ( with link to the reference discussion).
  • App entry in the manualā€™s table (generated by PR or automatically).

Certified (Level 2) :1st_place_medal:

Apps produced by third-party (e.g., Software Company Name) but certified by Nethesis (Or people on our behalf).

Requirements:

  • Developed and supported by another company.
  • Request for a manual page with essential information.
  • It must be clear:
    • who to ask for support.
    • how long the app will be supported
    • how updates will be delivered.

Official (Level 3) :star2:

Apps produced by Nethesis and certified by Nethesis. Includes Software Center Requirements + Level 1 + and Level 2 requirements. Developed and supported by Nethesis, e.g. WebTop, NethVoice, NethSecurity Controller.

  • Request for a comprehensive manual page.
  • English and Italian translations.

What do you think?

4 Likes
2

I wonder why 3 categories/levels. I mean, if it is in Software Center (via controlled repoā€™s) the module is certified. Who made the module to me is a minor detail, but not worth categories. Next to that, everybody can add a repo just like with NS7.

What exactly are you trying to achieve for the proposal is full of mandatory requirements that could limit the feeling of being free to create a module and release to whomever wantā€™s to install is.

IF you would like to categorize stuff, then would suggest you only endorse the official repoā€™s. Anything else is ā€˜use at your own riskā€™, which it is anyway, despite categories or not.

It has always been Nethesis repo or community member repo. Crystal clear to me.

So what I think? Too much mandatory, over-regulated and useless for nobody takes responsibility of a module anyway. Why would Nethesis want to control community work?

BTW, calling community repoā€™s ā€˜Jungleā€™ and level 0 and represented by a monkey avatar is not done imho and I find it very offensive.

HTH

1 Like
3

This is a very welcome move
@alefattorini there is also something i would you to take note of, which I have experienced

as with level 0, true there could be apps built and jut sitting on the developer repo. and by not being in software centre, meaning does not have a published app repo.

there is also instances for apps built, shared by community, but because it may not have traction by community, and the developer has users with use cases for it, may choose to publish the app in their own software repository.

We currently have Genforge repo available, that has a number of apps.

While our goal is to have mot of those apps published on nethforge repo, so that they are widely available to more users, there are apps that i am not sure would be possible to have them listed on nethforge.

why do i say this.

  1. will community test all the apps, even if they dont use them?
  2. will nethserver/nethesis, provide the resources for testing non convectional apps and iterete on the tests tilll the app meet the required test conditions.

Assuming i am building a technical engineering app. the community will have no need to test that app, since no one uses it.

Equally, i am not sure if nethserver, unless it changes, would dedicate resources and time to test the solution if no single community member has tested the app.

Will there be a dedicated person from nethserver whoā€™se purpose is to test apps and approve them, i must admit, i have gotten some rather harsh response on the testing of submitted apps for listing on nethforge.(thatā€™s old news anyways)

Testing is the biggest problem. the developer might test most workings, but might for one reason or another overlook some other aspects, it does not mean they intended to submit a subpar app, that being the case, alot in terms of testing need to be put into consideration.

Note:
NEthDev have more experience with the platform than anyone else, and equally given, a significant support and effort is required to help app dev test and refine apps, its an iterative process,
so in the testing process, if coming from internal, or certified testers, it would be good if there is proper feedback on something like below

  • We can not add your app to the repo, because it does not implement backup and restore, yet it can be supported.
  • Kindly implement feature A and B first then request to relook.
  • FUnction this is not well implemented look into itā€¦ and so onā€¦

Basically more clearer would help foster better development for future app developers, otherwise its a learning experience and a great move

4

Yep, just edited with a new name

Actually we never use properly NethForge on 7.
Iā€™d like to give more visibility to a community member and the possibility to add his app to a certified repo. Not only on his personal repo. But we need to check his work, and check an app requires time.

Yes but it wonā€™t be an open app store to everyone.

You misunderstood the move, at the contrary, we need to open. Iā€™d like to give the chance to everyone to create is own app, certified by others (clone, move, backup, and so onā€¦)

5

Who certifies the testing community members? Is a ā€˜it works for meā€™ ok? Is it 2 or 3?
Mandatory support?
What is PR?

6

Pull Requestā€“itā€™s how you propose changes to a GitHub repository.

2 Likes
7

Since I canā€™t judge it myself in the slightest, it would be important to me to have a certificate that basic security standards are not being violated and that the app can be considered secure according to the state of the technology.

3 Likes
8

+1, this is very important for a server facing the internet.

1 Like
12

@Lucia_A @andre8244 and I are working on the Software Center mockup, and we would love to get your impressions and feedback on this working draft of the future app list appearance.

Main changes in the app list are:

  1. Certification Level ā€œbadgeā€ image, with a tooltip explanation shown when clicking on it.
  2. The badge Level count starts from 1, there is no level zero. Levels are five.
  3. Multiple app categories are displayed.
  4. App descriptions have been removed.

image
image1920Ɨ1080 150 KB

As said, the badge levels are five. These levels give a concise description of various aspects of the app, so an explanation is necessary.

  • Origin: Is it from a nethserver.org repository (i.e., subscription, default, nethforge) or not? If the repository is not official, the app is Level 1.
  • Certification: Is it certified by the Community or by Nethesis? Community certification brings Level 2, and Nethesis certification brings Level 3.
  • Author: Applications made by Nethesis are Level 4.
  • Support: If the cluster has an active subscription and the application support is included in the subscription, the app is Level 5.

We appreciate any feedback you can provide on these changes.

Thank you!

3 Likes
13

I would like to be able to ALWAYS see what origin was used to install the module/app. Not just the ones from Nethserver controlled repoā€™s represented by a number. Even if the original repo is no longer defined as a repo but was in the past. Things change, and authors/maintainers changeā€¦

Anyway, community apps/modules are always level 1 or 2 in this proposal.

So Odoo is L3, Zammad is L1 or L2 , Mail is L4 and anything covered by a subscription is L5 right? Where does Dokuwiki fit in?

To me (I am not interested in a subscription) the most important insight is ā€˜made by whom, and installed from where and whenā€™ So, an install date would be welcomed too.

It would also be nice and very handy if a list can be ā€˜printed, exported, PDFā€™ed, save locally with date in namingā€™ from the separate tabs with the various info in columns.

ps. It would also be nice/wise to have info available on HOW a module got installed. Via Software Center or manually like currently many. Also sys admins change so this is all valuable info.

HTH

14

I think that numbers are complicated to understand and remember. Let me explain, I never remember trust levels on discourse but always the name attachedā€¦

Numbers donā€™t speak, they donā€™t say anything.
Otherwise, you would use numbers instead of words in product pricing plans.
Itā€™s hard to remember numbers, thatā€™s for sure.

15

Thanks for your suggestion, as for now the goal of the new software center is properly filtering apps based on their ā€œaspectsā€

16

A simple pop-up upon hover would be sufficient I guess.

17

There is alot of white spaces on the app listing especially on the left and right padding, could that be improved.

I think it would be nice to still retain app description, even if not on the Main page, but somewhere somehow, we need to see description of the app.

In relation to certification, would nethesis/ Nethserver work on certifying apps not initially posted on nehtforge, that way.
If an app is certified, even when in external repo, upon submission to nehtforge approval are easier since the verification has been done.

WOuldnt it also be nicer if, App develoeprs would write the documentations in the wiki before submissions, then it could be added into the Official Docs, to me its semes abit more cumbersome Having to do PR for the Docs of apps developedā€¦ too much overhead at the moment.