You make good points about the code review. I still feel like there is something to be done to lower the "red tape" currently required.
Is anyone more familiar with how Ubuntu (for example) handles their submissions and review? (I only have a vaguely fuzzy idea) It seems from the outside that with so many contributors and packages, that whatever system they have in place would be pretty battle-tested.
Quote:as for allowing third party repos in the official repo; this would tear down the borders between code offered by us and third parties we have absolutely no control over. that is not acceptable from our pov, since we feel/are reponsible for software offered on our servers. since the python in xbmc isn't sandboxed, there needs to be a HUMAN reviewing all the add-ons looking for harmful code. this is us behaving reponsible, not us distrusting other authors. sure, there can malicious behaviour (not gonna happen very often) or good old brainfarts on the authors behalf.
i think the fact that we do this is missed by a lot of peeps.
The picture I have in my head serves to add to that border, first by giving you a chance to say "Hey wait a minute! These are untested and unofficial and will set your machine on fire" or etc. I don't think you can keep people from installing repos with bad software. I feel like the best approach there is to educate those willing to listen (nothing you can do about those who aren't). The second is by peer review so for example:
I push out a service addon that opens an elevated command prompt and runs deltree "C:\windows" in a loop forever. 5 users get hit and flock to the forums. Team-xbmc sees what's going on and black lists my repo, preventing it from spreading any further. Users who manually install this new service are still boned, but nothing you can do about that anyway. If team-xbmc becomes the connection point (even through the chain of providing the repo only) for discovering all addons, then you actually gain a measure of control. I realize that this isn't a perfect or completely feasible solution, but I hope that discussing it's merits and shortcomings can lead in that direction