-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feedback on the unverified badge from upstream #3131
Comments
I think I have some follow-up comments to this:
Mentioning usual |
Hi there. As someone maintaining a package who is completely separate from the people actually making it--the referenced package, even--I would also consider myself a stakeholder here. Packager / developer disjoint is standard in traditional packaging, but given Flathub's huge push toward verification, I can see how the way it's currently presented on the site is problematic. I think that in unverified situations, it would be beneficial to either not show the author at all, or show both the upstream developer per the metadata and also show everyone who has worked on the package recently. Given a packager's role is comparatively small--especially in Flathub where it's kinda easy--I'm not sure I would want it to be prominent, but I would definitely want it to be easily available. |
Yeah, I don't think #3125 should be implemented. We're not a traditional Linux distro, and ownership shifts between people somewhat easily due to the easy workflow with GitHub. |
Hi there! Since my issue was mentioned (and I'm also in the process of creating my own Unverified Flatpak), I thought I would chime in with some more thoughts. I'm glad this is being discussed. Even at the time of creation, I didn't think #3125 was a great solution. The important information is not necessarily who is responsible for the package, but who isn't. That is, Google is not responsible for the Flatpak package. So, you could remove the "by Google" line and add it to the Unverified badge: It needs some more work (maybe split it into two badges?), but I like this direction more. It's simpler and only a small alteration to the way the page is presented, not requiring changes elsewhere. Or as @TiZ-HugLife mentioned, simply don't show the author at all for Unverified apps and just provide a tooltip for the Unverified badge so users can quickly learn what "Unverified" means. I think the |
I like the idea to just drop the The problem would be with SEO in that case, as it carries important information for some apps. E.g. |
I guess that works, but it might be confusing. As a random user, I wouldn't expect to see a negation on an apps description, that might raise more questions, then it answers? |
I think "Not provided by" just creates more confusion, especially because it's there at the same time as the unverified badge. Maybe the "unverified" terminology, at least in user-facing areas, is what needs to go. And then instead, we could say: "Application developed by (Developer Name Here) |
I still lean towards what I mentioned in #2625 (comment):
I think the distinction is putting the unverified badge inline/directly next to the developer name when possible, and then including the extra information on click/hover to share the specifics. Ultimately I don't think we should say who the app is "provided by" e.g. "Flathub community" because that doesn't really mean anything… it's still developed by the developer, packaged by whoever has write access to the manifest repository, and ultimately distributed by Flathub—that's a whole lot of nuance to try to cram into one place that most people will not understand. Instead, let's focus on what we know:
If that's not satisfactory, then I agree that removing the developer name from the header completely may be the right move; we can't verify it's actually from that developer, so it's a valid argument to not show it as such—SEO be damned (want better SEO? verify your apps!). |
Real problem is, that a side by side won't always work on mobile (and looks bad IMO) |
For me, as a developer, it is important to differentiate between developer and packager. This is not the same (in most cases). It might be that this difference does not matter much to some/most users. But why hide the information for those users who care? In my experience, usually there can't be too much information but rather too less. If users do not care about the difference, that's ok as long as they can decide themselves. Not providing this information takes them the ability to decide. I wish the Flathub software pages would give a clear indication if the software packaged by a third party and also provide users with the information where and how to report bugs related to packaging. To me, the "Unverified" badge can mean anything. If you don't want to list individual packagers, why not at least add "Packaged by the Flathub team, report bugs at https://github.com/flathub/org.geany.Geany" or so. Then it would be more clear that the software is packaged by a third party and users know how to get in touch. |
"Hide" is kinda phrasing this wrong. The data does not exist.
If it's unverified it 's third party, doesn't get much clearer - bug related links can be found in the link section. Everything related to packaging needs to go to the manifest location. |
I actually dislike the "unverified" terminology itself, because it implies that Flathub doesn't know where the package came from, and it was just randomly uploaded by some schmuck. It implies that there is less of a process for package submission than there actually is. When in reality, Flathub knows full well who is submitting and maintaining a package, and if it's not the developer, they know why it's not the developer. And the majority of the time, that reasoning comes down to the developer having apathy toward Linux, anti-Flatpak sentiments, or uncertainty that the software will meaningfully function in Flatpak. The fact that a package is maintained by the community instead of the developer is in and of itself meaningful, but I'm not sure that "unverified" does a good job of conveying that and its actual implications. |
Alright, we need to revisit this. Someone filed an issue (flathub/org.geany.Geany#103) asking me to "verify the package", which is not possible given that Geany's developers do not endorse the package and are not interested in maintaining it themselves. Users are not getting an accurate sense for what verification means or entails, so I really think this "unverified" terminology just needs to completely go. |
Do not worry, I am well aware what "unverified" means since I am quite active in the Flathub community since 2017 or so. :) |
Here, me go ahead and copy your comment from the Geany issue over to here so it can be discussed with everyone all at once:
Any distro that chooses to ship Flathub with only the verified subset of apps enabled by default is their own prerogative; it's an understandable decision, but it's not correct to call Mint's decision in this regard "nuking" them, because that implies that they are blocking the installation of unverified applications, and that does not seem to be the case. What evidence do you have to suggest that other distributions will follow suit? What evidence do you have to suggest there are eventual plans to completely remove all unverified applications from Flathub? That does not seem like a decision that would be reflective of current reality. There are still plenty of applications (or plugins to existing applications) that do technically support Linux, but the developer is Linux-apathetic, so if the only way for them to be on Flathub is for the developer to directly get involved in some way, it will simply never happen. That said, if that's the way we're going, it lessens a burden of conscience for me. I've been thinking about stepping away from all of my FOSS involvement for some time for many varied reasons, but some of these packages are solely under my own care. And I know for some of them, I'm not even doing a good job anyways. |
I don't think that will ever happen, at least not from the flathub side of things. And in every (internal/external) flathub channel I'm part of, nobody ever suggested that. |
Well, I remember someone from the Flathub staff considering this, but it was a longer time ago. Anyway, I really think that it is just a matter of time before other distributions start disabling ("nuking" was not the correct term, sorry about that) non-verified apps from the default search results of their App Stores. Some of my Flatpaks will also be affected since it is not possible to verify them for one reason or another. |
Originally posted by @eht16 in flathub/org.geany.Geany#92 (comment)
The text was updated successfully, but these errors were encountered: