Closed Bug 936444 Opened 12 years ago Closed 9 years ago

Auto-approve (don't review) updates to non-privileged apps

Categories

(Marketplace Graveyard :: Developer Pages, enhancement, P2)

Product:
Marketplace Graveyard
Component:
Developer Pages
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: eviljeff, Unassigned)

References

Details

(Whiteboard: [feature] [repoman][marketplace-transition])

Currently, a developer can submit a hosted app to Marketplace, have it approved, and then update all the content without us reviewing it further. We only take a second look if something significantly is changed in the manifest. If that developer packages up that app into a zip, with the same functionality, content and permissions, then each time the update is reviewed by us. This is inconsistent, and a largely unnecessary use of our reviewer resource. So instead, updates to non-privileged packages apps should be auto-approved by Marketplace. Any significant manifest changes (such as a name change) would be flagged, as with hosted apps. Privileged apps will continue to be fully code reviewed on every update as now (as would an existing non-privileged app that changed to be privileged). The risks are the update is broken in some way, or contains something prohibited by our review guidelines - but those risks are shared by hosted apps now so we would deal with them in the same way (i.e. abuse reports and other feedback). Changes needed in upload flow: * if privileged version then continue as now * if non privileged version then change status to FULLY REVIEWED and show different messaging post upload to indicate that the update has been auto-approved and is live immediately. * if non privileged version and there are significant changes in the manifest - whatever is currently detected for hosted apps in the cron job (changes in name, developer name?) - then flag for re-review.
Keywords: productwanted
Assignee: nobody → dbialer
Priority: -- → P2
Severity: normal → enhancement
Whiteboard: [feature]
thoughts on this David?
Flags: needinfo?(dbialer)
This seems a good idea. I can't think of any security implications. Perhaps it is a [repoman?] bug.
Flags: needinfo?(dbialer)
Keywords: productwanted
Whiteboard: [feature] → [feature] [repoman?]
(In reply to Andrew Williamson [:eviljeff] from comment #0) > * if non privileged version then change status to FULLY REVIEWED and show > different messaging post upload to indicate that the update has been > auto-approved and is live immediately. The status would be approved but waiting (or whatever is the exact status is) for those apps that have that option selected too.
Whiteboard: [feature] [repoman?] → [feature] [repoman]
Assignee: dbialer → nobody
Assignee: nobody → mpillard
Depends on: 1019249
Assignee: mpillard → nobody
Depends on: 1105507
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Whiteboard: [feature] [repoman] → [feature] [repoman][marketplace-transition]
You need to log in before you can comment on or make changes to this bug.