Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Announcements GNU is Not Unix Software

Canonical Fully Open-Sources the Launchpad Code 104

kfogel writes "Canonical has just fully open-sourced the code to Launchpad. Although we'd said earlier that a couple of components would be held back, we changed our mind. All the code has been released under the GNU Affero General Public License, version 3. 'Canonical will continue to run the Launchpad servers, taking care of production and deployment issues; opening up the code doesn't mean burdening the users with all of that stuff. At the same time, we'll institute processes to shepherd community-contributed code into the system, so that people who have ideas for how to improve Launchpad can quickly turn these ideas into reality.'"
This discussion has been archived. No new comments can be posted.

Canonical Fully Open-Sources the Launchpad Code

Comments Filter:
  • by BladeMelbourne ( 518866 ) on Tuesday July 21, 2009 @08:30AM (#28768915)

    I [heart] this company and Ubuntu,

  • Debian (Score:5, Interesting)

    by James_Duncan8181 ( 588316 ) on Tuesday July 21, 2009 @08:33AM (#28768953) Homepage
    Please now consider standardising on this. It's much better technically than Debian's current infrastructure, and will enable much, much easier sharing of patches. Finally the community could be reunified a bit, and PPAs for Stable would also be an important improvement for Debian.
    • by draxil ( 198788 )

      Sounds good to me!

    • Noo! Please! No more PPAs!
      • Re:Debian (Score:4, Insightful)

        by Tweenk ( 1274968 ) on Tuesday July 21, 2009 @09:59AM (#28770053)

        That's ass backwards. We need *more* PPAs with the latest versions. What's missing is an easy way to pick them from a checklist while automatically fetching GPG keys. This way you have something like an open app store, and it solves the problem of not having recent enough versions in the repository - you need a bleeding edge version, you check the relevant PPA and the latest bells and whistles magically appear in the package manager.

        • The solution would be to stick the recent versions of every program in ONE repo so that we don't keep having to add them to our sources.list!
          • Re: (Score:2, Informative)

            by stevey ( 64018 )

            And we could call that "unstable", right?

            Actually launchpad for Debian would suck - we shouldn't have to sign up to a site to submit bug reports.

            • Unstable... or "testing"...haha Standardisation would be nice- but not everyone would agree with it.
          • by tenco ( 773732 )
            That's no solution, that's asking for trouble.
    • Re: (Score:3, Insightful)

      by Tweenk ( 1274968 )

      Personally I'm waiting for them to add better integration of PPAs into Synaptic. For example, when I need a bleeding edge version of Banshee, or some application not in Debian like Handbrake, I pick its PPA from a list, enter the password and it magically appears in Synaptic. After this I'm asked which programs from this PPA I want to install (again a list for PPAs that have several). Since it allows only PPAs and not some arbitrary repositories, it could be protected against malware to some extent. This wo

      • Re:Debian (Score:5, Informative)

        by Dr_Barnowl ( 709838 ) on Tuesday July 21, 2009 @10:35AM (#28770495)

        The problem with this is that PPA means "Personal" Package archive and a lot of them are just that - an arbitrary repository. In many cases you are trusting some random stranger, and not Canonical, to have produced a package that doesn't contain horrendous malware. Every Launchpad user is entitled to a 1GB PPA just by signing up. Mine contains packages for MythTV with patches to fix a bug that hasn't made it out to the stable branch yet. You can install them if you really want to, but do you trust me? And how do you distinguish from all the other people with MythTV in their PPA?

        Lots of projects have links to deb packages that install their GPG key and their PPA, after which you can see them in Synaptic, but this still isn't any guarantee. About the only thing you can do is be careful which groups you install keys and PPAs from. And I'd guess the reason that more of them aren't in the Universe repository is that the task of vetting them all is a mammoth one.

        • Lots of projects have links to deb packages that install their GPG key and their PPA, after which you can see them in Synaptic, but this still isn't any guarantee. About the only thing you can do is be careful which groups you install keys and PPAs from.

          I'm curious if anyone thinks the "web of trust" around signing other GPG keys could work here. The idea being that more trustworthy PPA members would have their keys signed by many others, while less reputable PPA members would have limited key signatures. This would essentially be a rating system of trust for PPAs.

          I know when I use add a new PPA, I try and do a bit of research (e.g. find a lot of links to, or comments about, the PPA) that makes me feel better about trusting some third party binary.

      • Re: (Score:3, Informative)

        by Nevyn ( 5505 ) *

        Personally I'm waiting for them to add better integration of PPAs into Synaptic.

        Well unless the authors become dumbasses overnight, you'll probably be waiting a long time. Package management needs to be a single coherent database, making it much more distributed than it needs to be is just asking for pain ... PPAs/KoPeRs aren't terrible in moderation, and solve a couple of problems. But if you make them easily available (ie. available to people who don't know what problems they cause) the solution is much

        • by jopsen ( 885607 )

          ... PPAs/KoPeRs aren't terrible in moderation, and solve a couple of problems. But if you make them easily available (ie. available to people who don't know what problems they cause) the solution is much worse than the problem.

          I agree PPA are good if you want the newest software and understand that installing these packages might break your system... People who don't understand that shouldn't be using PPAs...

  • by migla ( 1099771 ) on Tuesday July 21, 2009 @08:38AM (#28768995)

    Status should be changed to "Fix released", then:

    https://bugs.launchpad.net/ubuntu-community/+bug/393596 [launchpad.net]

    • And as if by magic, it is done.
  • Hm, kind of like GitHub in that regard, then. The nice thing about just picking one source code mgmt system is that you can write a good UI specifically for it. Of course, the cost is that folks have to move over from Subversion or whatever.

    • Re: (Score:3, Interesting)

      by Keyper7 ( 1160079 )
      You can avoid an abrupt transition, though. I've heard that the Bazaar svn plugin is quite good.
      • It's gotten to be very good ; I interact with SVN solely through Bazaar these days, not least because it makes the pain of our ludicrous network topology much less.

        It also makes branching much easier - and you're much more likely to branch, because your boss isn't going to say "hey, who keeps cluttering the repo with new branches".

        Although if he's the kind of boss who watches the commit RSS feed he might start to think you're slacking until you merge and push your first big patch.....

    • I don't understand why people have to move. PPA isn't exclusive of Subversion, or any other system, is it? I have some PPA's on my systems, some Subs, I mostly use Synaptic for over all management, but sometimes I find myself going CLI with apt-get - especially when dependencies just won't "resolve themselves". If/when PPA can do everything a person might want to do, then a lot of people probably will move. But, I don't see this happening soon, nor do I see it being a unanimous mass movement. Maybe amo

      • Re: (Score:1, Informative)

        by Anonymous Coward

        I don't understand why people have to move. PPA isn't exclusive of Subversion, or any other system, is it?

        Launchpad's PPAs use existing Debian tools to submit source packages, along with some custom scripts to compile them.

        To add a package to a PPA, you only need to upload a few files to a FTP server (after signing them with GPG).

        Launchpad uses Bazaar for its hosted version control system. This is independent of the PPAs (and the Bug tracker, translation tool, and most everything else).

  • Talk about hoops (Score:3, Informative)

    by Norsefire ( 1494323 ) * on Tuesday July 21, 2009 @08:43AM (#28769063) Journal
    It's as if they don't want anyone to download it.

    First problem is they require bzr 1.16.1 to download their rocket-fuel-setup script, the latest available version in the Ubuntu repo is 1.13.1 -- so you have to manually add the PPA source.
    Why do they not have the version *they* use in the repo for *their* operating system?

    That aside, the rocket-fuel script then downloads, unpacks, installs, alters and generally takes too long. And if that wasn't enough ...

    ## Note that this will make changes to your Apache configuration if ## you already have an Apache server on your box. It will also add ## entries to /etc/hosts and it will setup a postgresql server on ## you box. ## If you want to play safe with regards to your existing Apache, ## try this out in a virtual environment first.

    And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.

    How about a way to browse it online? I just wanted to see what language it was in, according to the docs it's Python but it would have been nice to be able to take a look at it without spending "a few hours to get everything" jumping through hoops.

    • by migla ( 1099771 )

      I haven't looked that closely, but can't you go to https://launchpad.net/launchpad-project [launchpad.net] then click on a sub-project and then on the "Code"-tab?

    • Re:Talk about hoops (Score:5, Informative)

      by Anonymous Coward on Tuesday July 21, 2009 @08:53AM (#28769171)

      First problem is they require bzr 1.16.1 to download their rocket-fuel-setup script, the latest available version in the Ubuntu repo is 1.13.1 -- so you have to manually add the PPA source.

      Why do they not have the version *they* use in the repo for *their* operating system?

      Don't be a drama queen now, 1.16.1 was only recently released and you know Ubuntu policy about stable releases.

      And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.

      bzr get lp:launchpad

      Is that easy enough for you? ;)

      How about a way to browse it online? I just wanted to see what language it was in, according to the docs it's Python but it would have been nice to be able to take a look at it without spending "a few hours to get everything" jumping through hoops.

      https://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/files

    • Re: (Score:1, Informative)

      by Anonymous Coward

      You can browse the code here:

      http://bazaar.launchpad.net/~launchpad-pqm/launchpad/devel/files [launchpad.net]

    • by Dukhat ( 198764 )

      There is a link to the source code on this page.

      https://code.launchpad.net/~launchpad-pqm/launchpad/db-devel/ [launchpad.net]

    • It's as if they don't want anyone to download it.

      ...

      And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.

      Once you've got bzr 1.16.1 or later you can do bzr branch lp:launchpad to get the Launchpad code. That's pretty easy. Then, if you find yourself fixing a bug, you have a working tree in which to commit your changes. A tarball is a static lump with no history and no future, and if you want tomorrow's code, you'll have another big tarball to download.

      How about a way to browse it online?

      http://bazaar.launchpad.net/~launchpad-pqm/launchpad/db-devel/changes [launchpad.net]

    • http://packages.ubuntu.com/karmic/bzr [ubuntu.com]

      So in other words, Launchpad developers are also Ubuntu developers. Imagine that.
    • by tolan-b ( 230077 )

      Whinge moan :)

      They decided to release early so people can have a go with it, give them a chance fs.

    • by Nevyn ( 5505 ) *

      First problem is they require bzr 1.16.1 to download their rocket-fuel-setup script, the latest available version in the Ubuntu repo is 1.13.1 -- so you have to manually add the PPA source.

      bzr-1.16.1-1.fc11 is the current version in Fedora 11 :)

  • Is it the code to the Launchpad site itself? Like I could use a copy of it to manage and track bugs and development on my own projects? Or are they talking about some kind of framework / os that Launchpad runs on?

    As far as I can tell from my limited browse of Launchpad, it seems like an alternative to Sourceforge no?

    • by Beuno ( 740018 )

      Is it the code to the Launchpad site itself? Like I could use a copy of it to manage and track bugs and development on my own projects? Or are they talking about some kind of framework / os that Launchpad runs on?

      As far as I can tell from my limited browse of Launchpad, it seems like an alternative to Sourceforge no?

      This is the full exact source code launchpad.net runs.

    • Is it the code to the Launchpad site itself? Like I could use a copy of it to manage and track bugs and development on my own projects?

      Yes.

      As far as I can tell from my limited browse of Launchpad, it seems like an alternative to Sourceforge no?

      There already were alternatives to sourceforge. Google GNU Savanna, for instance, which is running the same software (sourceforge runs a commercial fork of the original code iirc).

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...