App Certification for NethServer 8

Howto
1

Hi folks

We need to organize the apps currently present in the software center.

If an administrator wants to install an app, they must be clear about who created it and how robust it is, certified by others.

At the moment there is no clear path for certification, and I would like to create an howto to clarify the matter a bit :slight_smile:

Characteristics/Requirements for an app to belong to one of the three categories:

  1. Official: Supported\Created and certified by Nethesis.
  2. Certified: Supported\Created by others but certified by Nethesis.
  3. Community: Supported\Created and certified by the community.

Software Center Checklist

Certification requirements valid for all to enter the Software Center - in NethForge/Default/Subscription repository:

  • Does not break anything.
  • Does not crash during usage.
  • LDAP integration (if possible).
  • Optional backup/restore, but if included, must work well.
  • Functional clone/move.
  • Functional update management.
  • Translation support.
  • In the About page:
    • Contact information for the supporting company/person (name, website, email).
    • Links to the original project and app’s source repository.
    • Link to the manual/documentation page.
    • Clarification on support duration, update management, and upstream upgrade (update frequency, major release).

Staging (Level 0) :test_tube: :

Apps created by the community and residing in authors’ personal repositories:

  • Not required to meet the Software Center Checklist.
  • Each app generally has a reference discussion in the App category.
  • These apps remain outside the Software Center; we assume no responsibility for their functioning.
  • Level 0 because it has no entry barrier; creating a new topic and providing installation information is sufficient.

Community (Level 1) :people_holding_hands:

Apps produced by the community and authorized to enter NethForge. It’s a sort of community self-certification with minimum requirements:

Must meet the Software Center Checklist.

  • Tested and certified by (at least 2-3?) community members.
  • Support from the app creator in the community ( with link to the reference discussion).
  • App entry in the manual’s table (generated by PR or automatically).

Certified (Level 2) :1st_place_medal:

Apps produced by third-party (e.g., Software Company Name) but certified by Nethesis (Or people on our behalf).

Requirements:

  • Developed and supported by another company.
  • Request for a manual page with essential information.
  • It must be clear:
    • who to ask for support.
    • how long the app will be supported
    • how updates will be delivered.

Official (Level 3) :star2:

Apps produced by Nethesis and certified by Nethesis. Includes Software Center Requirements + Level 1 + and Level 2 requirements. Developed and supported by Nethesis, e.g. WebTop, NethVoice, NethSecurity Controller.

  • Request for a comprehensive manual page.
  • English and Italian translations.

App Info page

The App Info page of each app in the software center should displays:

  • The list of certified requirements.
  • The certifier (Nethesis, another company, or entity).
  • Author.
  • Version date.
  • [Number of installations / Rating].
    .

What do you think?

4 Likes
2

I wonder why 3 categories/levels. I mean, if it is in Software Center (via controlled repo’s) the module is certified. Who made the module to me is a minor detail, but not worth categories. Next to that, everybody can add a repo just like with NS7.

What exactly are you trying to achieve for the proposal is full of mandatory requirements that could limit the feeling of being free to create a module and release to whomever want’s to install is.

IF you would like to categorize stuff, then would suggest you only endorse the official repo’s. Anything else is ‘use at your own risk’, which it is anyway, despite categories or not.

It has always been Nethesis repo or community member repo. Crystal clear to me.

So what I think? Too much mandatory, over-regulated and useless for nobody takes responsibility of a module anyway. Why would Nethesis want to control community work?

BTW, calling community repo’s ‘Jungle’ and level 0 and represented by a monkey avatar is not done imho and I find it very offensive.

HTH

1 Like
3

This is a very welcome move
@alefattorini there is also something i would you to take note of, which I have experienced

as with level 0, true there could be apps built and jut sitting on the developer repo. and by not being in software centre, meaning does not have a published app repo.

there is also instances for apps built, shared by community, but because it may not have traction by community, and the developer has users with use cases for it, may choose to publish the app in their own software repository.

We currently have Genforge repo available, that has a number of apps.

While our goal is to have mot of those apps published on nethforge repo, so that they are widely available to more users, there are apps that i am not sure would be possible to have them listed on nethforge.

why do i say this.

  1. will community test all the apps, even if they dont use them?
  2. will nethserver/nethesis, provide the resources for testing non convectional apps and iterete on the tests tilll the app meet the required test conditions.

Assuming i am building a technical engineering app. the community will have no need to test that app, since no one uses it.

Equally, i am not sure if nethserver, unless it changes, would dedicate resources and time to test the solution if no single community member has tested the app.

Will there be a dedicated person from nethserver who’se purpose is to test apps and approve them, i must admit, i have gotten some rather harsh response on the testing of submitted apps for listing on nethforge.(that’s old news anyways)

Testing is the biggest problem. the developer might test most workings, but might for one reason or another overlook some other aspects, it does not mean they intended to submit a subpar app, that being the case, alot in terms of testing need to be put into consideration.

Note:
NEthDev have more experience with the platform than anyone else, and equally given, a significant support and effort is required to help app dev test and refine apps, its an iterative process,
so in the testing process, if coming from internal, or certified testers, it would be good if there is proper feedback on something like below

  • We can not add your app to the repo, because it does not implement backup and restore, yet it can be supported.
  • Kindly implement feature A and B first then request to relook.
  • FUnction this is not well implemented look into it… and so on…

Basically more clearer would help foster better development for future app developers, otherwise its a learning experience and a great move

4

Yep, just edited with a new name

Actually we never use properly NethForge on 7.
I’d like to give more visibility to a community member and the possibility to add his app to a certified repo. Not only on his personal repo. But we need to check his work, and check an app requires time.

Yes but it won’t be an open app store to everyone.

You misunderstood the move, at the contrary, we need to open. I’d like to give the chance to everyone to create is own app, certified by others (clone, move, backup, and so on…)

5

Who certifies the testing community members? Is a ‘it works for me’ ok? Is it 2 or 3?
Mandatory support?
What is PR?

6

Pull Request–it’s how you propose changes to a GitHub repository.

2 Likes
7

Since I can’t judge it myself in the slightest, it would be important to me to have a certificate that basic security standards are not being violated and that the app can be considered secure according to the state of the technology.

3 Likes
8

+1, this is very important for a server facing the internet.

1 Like