Microsoft to Ban Commercial Open Source from App Store (sfconservancy.org)
The junk apps you mention are already violating trademarks and copyrights, so Microsoft should just make it easy to report those violations and get the apps taken down, and add mechanisms to prevent those junk apps from reappearing, like blocking all "Inkscape" apps except the one from the account of the trademark holder.
If their concern was the different price between the app store and other ways to get the app, then they should have simply required developers to refer to those other ways from the app store itself, or allowed developers to set an app as pay-what-you-want plus the Microsoft cut, or both.
If that's the case, Krita would probably remain listed; it's unlikely to be reported as spam and is genuinely useful software, so the moderation team are unlikely to consider (let alone apply) this policy in relation to it.
That said, the policy is clearly not worded ideally if it puts a valid, legitimate app into violation. So it's good that the SF Conservancy are raising a concern about this (which it seems like the Krita developers have read[1], incidentally).
The metaproblem seems to be that we want people to install "the good, safe software" and not "the bad, harmful software" -- and especially not to pay for and incentivize creation of the latter.
Is that best achieved using moderation and written policies after-the-fact? Does the presence or absence of paid apps and in-app payments affect the alignment of incentives? Is there eventual, informed and communicated consensus from users about the best and safest apps to use?
I feel like we may be trapped in a local minimum at the moment where a bunch of conditions around app stores are non-ideal.
[1] - https://twitter.com/Krita_Painting/status/154524168859936768...
But even fully open source from open source distros, which should be "the good, safe software", still does nefarious things; for example, the Audacity devs decided to add telemetry, and Debian is full of privacy violations, some of them documented here:
https://wiki.debian.org/PrivacyIssues
The only way to solve this really is proper vetting of each app before it is accepted on the app store, but even Debian's relatively heavy-weight approach doesn't solve this, same as Apple's heavy-weight approach also doesn't solve this.
For clear trademark infringement or license violations, sure.
However, it'd be permissible, as I understand it, to build re-label-ware (not necessarily malware, but simply low-effort software built using FOSS foundations) using MIT/Apache and other permissively-licensed software and to publish that on app stores with price tags attached.
I have to admit: I'm not familiar with the types of apps that the policy intends to handle in practice -- but re-label-ware would seem like a rational opportunity for developers to pursue in a payment-enabled marketplace without rules to prevent them.
> The only way to solve this really is proper vetting of each app before it is accepted on the app store
That sentiment doesn't sit right with me somehow. Computers can run software, and attempting to gatekeep that process (in an evolving and culturally-diverse world) seems like a path fraught with problems.
Having transparency about what software is intended to do - and perhaps system-perimeter observability that helps users (and, with their knowledge, their friends and colleagues?) to monitor what it has really been doing (to inspect whether that matches their expectations) - seems like a potential space for opportunity.