 Good morning. I'm Sebastian Kugler. I work for Blue Systems and I've been a KDE developer for 11 years Yeah so today There will be an announcement and it will be about a KDE software store and we We gave the subtitle Rethinking Software Distribution because that's That is really what we are What we're aiming to start with this project? Let's take it's let's take a few steps back So 15 years ago Frank Kaliczek was over there raise your head stand up. Yeah, he's hiding now because he's a really shy guy started open desktop which is was a site to distribute add-on content for KDE applications and the Desktop as it was called back then nowadays, of course plasma add-ons are for example wallpapers additional scripts themes, so all kinds of contents that enrich your desktop and That would lead to you being able to customize your desktop And applications a lot more. You can also think of add-ons for different applications For example maps in marble that kind of stuff. So pretty much everything but applications themselves applications themselves were a bit problematic since There are 200 different distributions and they all have different Formants they all have different versions. So you get a really complex matrix of binaries and That's just not very practical to distribute more about that later unfortunately Frank has a Pretty cool new hobby actually. I Don't think it's hobby. It's really a hobby anymore, but Frank had other things to do so there wasn't a lot of maintenance of open desktop. It would it still worked It was integrated It was running but it wasn't really Developed it was very innovative when it launched but after a few years different services popped up and it Was superseded in terms of functionality features user experience by things like Google's Google Play Apple's App Store and and similar services One of the cool things about open desktop is that it Uses an open API to talk to the server. So there's a well-defined way to get at all this Get at all this content. It's an it's a respace API XML in there and This API is used for example in plasma to allow add-on Installation you can think of being able to install additional wallpapers Also from a KDE point of view these sites were run by a third party and Something which has been bugging a lot of people was that this service was always proprietary. There were some Some attempts to make it free software, but it it never really worked out for different for various reasons So what happened this year Blue systems acquired Open desktop the sites and Put it into a sister company called pling the goal was to open source This technology and make it available and bring it back to life and you know restart development because we think it's a really important part of of the first of all a few user experience on the desktop and It can solve a pretty pretty big problem with Respect to software installation add-ons installation And we also wanted to have some some cooler features So what happened is that we turned to Katie look and Katie fights and all these I think about 60 satellite sites into a KDE branded store kept these things alive and Make the and we made the associated data available to Katie So there was a migration happening in the background and that happened So this big problem of Katie's reliance on a proprietary third-party store has now been solved and you probably didn't really notice it But it was it was replaced pretty much transparently In the background so the back end for the for the service was replaced with a more modern scalable code base The content was was cleaned up during migrations So all these things that didn't work for example when people were uploading open susan 7.2 rpm packages That just wouldn't work on almost any machine the content was Was cleaned up so all the all the links went Away so the things that are on there. They should actually work if they don't let us know and we'll clean that up There were some minor mishaps because we remapped categories But aside from that it all went smoothly and we didn't really have a lot of a lot of complaints and I Never noticed it that it that it didn't work The service is maintained by plane as I said, that's a sister company of blue systems and What's the really important thing is we signed a an agreement with KTV because we do not just want to make the source code Available we want KTV to be able to continue the service. That's a really important thing With respect to independence free software gives you independence, but we all know that if there's a web service title tied to it You can have the software, but if you don't have all the content Then you pretty much start from scratch and a lot of a lot of the value goes away. So the continuity From from for the past has been taken care of and the continuity into the future is now guaranteed Also, and that is something I really like No ads on the website There are no fees for for using it so you can try it out. There's no no financial risk whatsoever, you can get donations and a hundred percent of these donations that reach you through the site are for you. So there's no 20% fee for the big brother so a bit more about the service as I said, it's a it's a new code base we actually imported this new code base under a new license into Katie's get repositories and It's now licensed on a VA GPL, which is very suitable for web services It is also actively developed under the Katie Umbrella, so we got some new community members in there who worked on the code base Previously and will continue to do so and The whole project has been incubated into Katie as a Katie project because it's a really Vital part to many Katie applications. So the best place from a logical point of view is to do it in Katie But Katie is also a very suitable organization for hosting a free software project So what can we do with it? Our first focus was on Migrating to the new service cleaning it up and basically Doing the homework that hasn't really been happening in the past years. So it's cleaned up and the features that were there previously an installation of themes wallpapers icons, chasers, plasmoids, so all the Non-compiled content that is still there. What's also pretty cool is you can receive donations through the site now because we Want to make it worthwhile for people to work on these things and maybe this can generate a bit of a stream of income For people that encourages more people to take part. So we got more content. We create a richer ecosystem. We get a better Better product and we get happier users One thing about open open desktop is it wasn't just KDE focused, but there were sites for Xfce for For GNOME not as tightly integrated into their software But still valuable and they were there and they're still there and they're running and they're actually better now So for example the Wallpapers you would upload a wallpaper for KDE, but then it wasn't offered in GNOME So now I can upload a wallpaper and the GNOME users see it as well The same for Xfce and that's even Trinity look and what I just discovered That's really cool. There's a Historical look and it has like KDE to screenshots and all that So if you had a few drinks and want to be melancholic about the past then you should definitely go there we also said together and When we thought okay, yeah, we can actually solve the actual problems But how can we make it cooler? What do we want to do with it? What do we want to achieve and Given it's now free software and and we're working on it and the backlog of homework has been done There's a few things which we want to get going in the in the future What I don't really like in Plasma we spend so much time on polishing the product and then someone uploads a really bad wallpaper and The default is that the newest content gets shown first and You know you basically do I mean try So here this is Coming from the new store really Okay, I Thought I learned a few years ago that live demos are not a good idea Yeah, I am connected But hey this time I'm prepared Okay Eat that Murphy So we got wallpapers there and of course of course the wallpapers I did which you can see in there They're let's say decent quality what someone might upload a Picture of this crony dog Really nice for one person not necessarily lift the first thing I want to see in one of the really prominent features for a plasma desktop That's why we Want to have vetted content. We want to have some review process. We still want to be able for everybody to Let me just get back to the presentation. We still want everybody to Yes, we still want everybody to upload their content So we don't want any kind of censorship or that kind of stuff. So that's just not in our spirit But we want to make our product look really polished So vetted content some kind of review process is nice. And this is also a really good way To involve more people to rope them into Working with us because this doesn't need developer skills And there's a lot of artists around that don't really They do have a free software heart But they don't really know where to put things and there's no central place to reach all the free software users. So They get quickly get into yeah, which desktop do I actually want to support where they really don't care So Review processes are going to make our products look better then some of things can actually be executed on the on the client machine Even if it's just a plasmoid written in QML you can Do some nasty things with it. So at some point we want to be able to assign Assets because if you review it, but you're not sure if it's actually coming from certain developers Signing has certain Advantages we also want more social features. So I Maybe don't trust random people. But if I'm but says well, that's a really cool wallpaper or really cool plasmoid or whatever That's more valuable to me than random users. So social features that are pretty common in other app stores Are something on the roadmaps? Well, um, of course one of the big goals is to Actually want to see that slide, right? One of the goals is to also grow the ecosystem. So we want to grow it by combining but we also want to grow it by making it more interesting and Combining it means bigger market a larger audience. So it's more interesting for people to contribute and then one of the That's probably not an elephant in the room, but it's a very very hot topic right now our containerized Applications so far as they said this More or less only add-ons on there But we see containerized applications such as Snaps Flatpacks app images becoming more and more popular and they have very definitive Advantages so for application developers for for example right now, they Really don't have a way to ensure that users are getting bug fixes that users are getting the latest Version and the chain is just too long Even if I as an application developer ship an update and and release it then it's still up to about 200 distributions to actually ship it to the users. So being able to shortcut that and distribute apps directly through through containers reduces the complexity and shortens the the time to market for For applications. I think that is a big advantage and it's actually Missing and it's rightfully identified as one of the sore points of the Linux ecosystem. So the Plans for the store are and those are already an experimental phase Is to offer containerized apps and you can think of that like You start discover and you can't just Do distribution updates through your package manager, but you also get a list of containerized apps nice with metadata and screenshots and all that and You can use These applications on your system and the cool thing of course about containerized apps is it removes the complexity of the distribution in between so you don't have to do I don't know 200 builds times Six versions which is pretty much unmanageable for normal human beings So this actually allows application developers to get their software out to be clear. It's not there yet But it it should happen it's a big topic and we should work on that and we also looked a bit about West that gap that we have to solve now won't go over All these points, but I think this provides a pretty decent overview where the software distribution meant software distributions a Mechanism of most of the current Linux distributions Fall short It's pretty neat technically. It's I think really awesome that you can update your whole Distribution and and all the applications just in one go It's actually really fast if you compare it for example to Windows update Also less rebooting and less annoyance and total but There's not really a way for Developers to get feedback. How many how many users does my app have? I have absolutely no idea the Distributions do a really good way to shield me from my users which on the one hand I welcome because The last time I spent on Triaging trivial bug reports that are really a user problem the more time I can spend coding or diving or eating chocolate or Netflix or stuff like that um And we also provide a Channel for donations without anyone taking a slice of it. So that again makes it I think a lot more interesting for people To spend time on that, you know, if it just gets in a few hundred bucks every year That's still pretty nice. And I think I would feel more valued if people donated for the content I put up I Think a warning is in place You shouldn't probably not donate to my content if you want me to work on Katie because I likely just spend it on Going diving so Donate to someone else not to me so Conclusion more freedom to Katie products really central part of the offer software is now free software 15 euro bug solved Good stuff revenue model for your creations Without anyone taking a slice for this no one to rope you into because it's They earn money with that. This is something for you and a hundred percent for you. It's a really interesting option for application Distributions by all means please help with that The more hands we get on it the better It will be and also the sooner it will be It's in your hands now Playing a still in the game will keep developing it But we want to develop it openly. We want to develop it collaboratively And I think that's it and I'm pretty sure there are questions So hello. Yeah What's the rule? Hey, sir, what's the rule of distributions with this because you've talked about software a Software store, but we've classically got stuff of software from distributions. They've the ones who've handled updates They've to handle all of the packaging whatnot. How do you plan to play along with them not to play? What exactly? How does this work out? So first of all We haven't Flashed it out in detail But I can give my personal view on how these things could work in the future so what matters to me are Maybe three four applications, I definitely want to run a Absolute rock-stable version of my email client. I want to use the latest stable version Of my code editor K develop and then a few other things that don't really matter But I probably use about 20 30 applications regularly so an image viewer Um Image viewers of two years ago are really good enough for me. I don't care much about it. I don't want to spend any extra time I'll just go with it with the default whatever my distribution offers. So How I see it distributions Should offer the base System should take off care of security updates and all that but the applications I care most about I want to use in the latest version and those are probably the ones I will Install from a containerized format How does it how does it in? Sorry? No, it's it's the applications that are Absolutely critical for my workflow that I need tighter control On you know, maybe the I'm running. No, I'm the neo Nautilus Sucks for me and I'm doing file management all the time I would like to be able to you know pick a certain version for example from that So the way I see it is that distributions provide the base system security support and and all that user support But for for a few applications I want to have the latest version and how does it look like to the user We have discover which is a basically a client for package management software installation and all that and It will integrate on the UI side So there we actually have plans to integrate containerized apps in Discover so you get a you get a nice UI you can click an install button and it will also show You updates and allow to install these updates other questions At some point you mentioned it vetting contents that are not according to the policies like it's easy to imagine Not allowing a pornographical paper or such But what about malicious software putting there to have an reviewing process for actual code We don't have any reviewing process yet at all. So no and I don't think there should be a central entity reviewing content because What I would what I can imagine is that we have a few Designers who know a bit about the artwork concepts we use in Katie So these designers would add some kind of tag to certain wallpapers. They say yeah, these work really well They don't provide enough contrast. They're well done If it's photography, it's technically sound piece of work that kind of stuff. So they would For example add a visual design group approved stamp to it But that and we would use that tag or stamp in the plasma is wallpaper installation dialogue to put these wallpapers first and then you'd have to click a button or something or choose a different option To see all the content. So that's how I imagine that for for reviews If you get the software from the sauce You actually have a pretty decent chance that it's better quality. I've seen I've seen distributions patching applications To death and that's something I do not want and then we have the signing Signing process. So there's the entry point to ensuring that the software you're running will be what actually be, you know authentic or safe or sound but Yes, there are risks with installing software from third parties, but just in the same way I doubt that even Debian reviews all of Plasma's code base and they're still shipping it So there's a certain level of trust involved with that I just wanted to add one thing If I wanted I could add malicious key Militia thing to Quinn which would run on every system and nobody would notice so and no distribution would notice no user would notice So just because the code is open is no risk We're so lucky Martin is not evil Okay, you know, how is distortion the size of blink how you's actually doing this out of Ios there and there's kind of possibility for revision of the files You mean revision of the fights to exchange something that's on there Well at some level of course if you're sitting you can just remove it there I Haven't I haven't looked at the code There is a content delivery Network thing involved. I don't know. Maybe Alexander can I can explain how that works or we discuss it afterwards because it's really detailed question To make it short There are three repositories First is OCS web server Which is basically the front end then we have OCS CDN which basically is a content delivery network part that is Doing all the images screenshots and stuff like that and there's OCS file server So the file server is really much more advanced than the original file server Which only allowed one real file and the other side to be links So now the file server is on a separate server It allows multiple files version history. It can create even torrents for larger files. If that is necessary So those are the three Git repositories and they are all Can be found and get KDE And can be reviewed. So we really welcome because of course no no softwares Perfect, you always find some security issues or some bugs. So anyone Who likes to have a look and help? Yeah, I can do that and it's also listed on fabricator. So if you find some bugs on the UI or Yeah, you can just Report it on fabricator and we will have a look So you you can see that I can upload different files per product We'll have time for one last question sevens will be around I'm sure the blue systems people will be around just ask them a Question about the distribution of apps and containerized formats So several people have done analysis of what images are hosted on Docker hub And what kind of problems are there and the number one problem is not malicious code But just outdated code where you have outdated dependencies packaged within the apps So I'm pretty sure that this also will be the problem of Distributing what whatever kind of software we distribute on the KD software store So my question is do you have any thoughts about how to make sure that the things which are on the KD software store I actually secure for the user Let's put it the other way around. I know that people don't update their Linux systems either that in many cases we don't even get to ship bug fix or security updates So just yesterday I was discussing with Martin how we can get Serious of really important bug fixes not security problems, but functional Problems out to the user of a long-term support distribution and they don't even ship our bug fix updates So I think it's a This problem is bigger Than this topic and we need to ask ourselves how we can how we can solve it Okay, we're out of time. Sorry. I'm sorry Frank, please