Microsoft to Ban Commercial Open Source from App Store
sfconservancy.orgMore activist horseshit from the SFC. This is obviously trying to prevent unscrupulous developers from simply repackaging OSS into a shell app, charging money for it, and making money off the original developer's work. If you browse through these app stores they're full of junk apps that are violating GPL.
Banning profiting from FOSS apps entirely isn't the way to get rid of the junk apps. It blocks legitimate original developers from funding development through the app store. Krita is an example of this.
The junk apps you mention are already violating trademarks and copyrights, so Microsoft should just make it easy to report those violations and get the apps taken down and added mechanisms to prevent those junk apps from reappearing, like blocking all "Inkscape" apps except the one from account of the trademark holder.
If their concern was the different price between the app store and other ways to get the app, then they should have simply required developers to refer to those other ways from the app store itself, or allowed developers to set an app as pay-what-you-want plus the Microsoft cut, or both.
I'm hypothesizing here, but it's possible that the policy was introduced so that the teams who work on moderation of apps (including the open-source-derived junk/spam ones) have a documented policy that they can use when justifying each removal - removals that are likely based on user-based flagging of problems.
If that's the case, Krita would probably remain listed; it's unlikely to be reported as spam and is genuinely useful software, so the moderation team are unlikely to consider (letalone apply) this policy in relation to it.
That said, the policy is clearly not worded ideally if it puts a valid, legitimate app into violation. So it's good that the SF Conservancy are raising a concern about this (which it seems like the Krita developers have read[1], incidentally).
The metaproblem seems to be that we want people to install "the good, safe software" and not "the bad, harmful software" -- and especially not to pay for and incentivize creation of the latter.
Is that best achieved using moderation and written policies after-the-fact? Does the presence of absence of paid apps and in-app payments affect the alignment of incentives? Is there eventual, informed and communicated consensus from users about the best and safest apps to use?
I feel like we may be trapped in a local minima at the moment where a bunch of conditions around app stores are non-ideal.
[1] - https://twitter.com/Krita_Painting/status/154524168859936768...
Trademark violation should be enough for the moderation team I would assume, for most of the junk apps.
But even fully open source from open source distros, which should be "the good, safe software" still does nefarious things, for example the Audacity devs decided to add telemetry and Debian is full of privacy violations, some of them documented here:
https://wiki.debian.org/PrivacyIssues
The only way to solve this really is proper vetting of each app before it is accepted on the app store, but even Debian's relatively heavy-weight approach doesn't solve this, same as Apple's heavy-weight approach also doesn't solve this.
> Trademark violation should be enough for the moderation team I would assume, for most of the junk apps.
For clear trademark infringement or license violations, sure.
However, it'd be permissible, as I understand it, to build re-label-ware (not necessarily malware, but simply low-effort software built using FOSS foundations) using MIT/Apache and other permissively-licensed software and to publish that on app stores with price tags attached.
I have to admit: I'm not familiar with the types of apps that the policy intends to handle in practice -- but re-label-ware would seem like a rational opportunity for developers to pursue in a payment-enabled marketplace without rules to prevent them.
> The only way to solve this really is proper vetting of each app before it is accepted on the app store
That sentiment doesn't sit right with me somehow. Computers can run software, and attempting to gatekeep that process (in an evolving and culturally-diverse world) seems like a path fraught with problems.
Having transparency about what software is intended to do - and perhaps system-perimeter observability that helps users (and, with their knowledge, their friends and colleagues?) to monitor what it has really been doing (to inspect whether that matches their expectations) seems like a potential space for opportunity.