implement feedback from Lukas, clean up style, add links

developer_manual/general/publishing.rst

@@ -24,9 +24,10 @@ With each level come requirements and a position in the store.
 
 Official
 --------
-Official apps are developed by and within the ownCloud community and its github repository and offer functionality central to ownCloud. They are ready for serious use.
+Official apps are developed by and within the ownCloud community and its `Github <http://github.com/owncloud>`_ repository and offer functionality central to ownCloud. They are ready for serious use.
 
 Requirements:
+^^^^^^^^^^^^^
 
 * developed in ownCloud github repo
 * minimum of 2 active maintainers and contributions from others
@@ -36,6 +37,7 @@ Requirements:
 * follows app guidelines
 
 App store:
+^^^^^^^^^^
 
 * available in Apps page in separate category
 * sorted first in all overviews, 'Official' tag
@@ -51,20 +53,22 @@ Approved
 Approved apps are developed by trusted developers and have passed a cursory security check. They are actively maintained in an open code repository and their maintainers deem them to be stable for casual to normal use.
 
 Requirements:
+^^^^^^^^^^^^^
 
 * code is developed in an open and version-managed code repository, ideally github with git but other scm/hosting is OK.
 * minimum of one active developer/maintainer
 * minimum 5 ratings, average score 60/100 or better
 * app is at least 3 months old
-* developer trust:
- * developer is known in community;
- * app is subject to unannounced security audits
- * in practice this means that at least some of the code of this developer has been audited; either through another app by the same developer or with an earlier version of the app. And that the attitude of the developer towards these audits has been positive.
 * follows app guidelines
 * app is signed, at least domain verified
+* the developer is trusted
+* app is subject to unannounced security audits
+
+.. note:: **Developer trust**: The developer(s) is/are known in community; he/she has/have been active for a while, have met others at events and/or worked with others in various areas.
+.. note:: **security audits**: in practice this means that at least some of the code of this developer has been audited; either through another app by the same developer or with an earlier version of the app. And that the attitude of the developer towards these audits has been positive.
 
 App store:
-
+^^^^^^^^^^
 * visible in app store by default
 * sorted above experimental apps
 * search results sorted by ratings
@@ -73,9 +77,10 @@ App store:
 
 Experimental
 ------------
-Apps which have not been checked at all for security and are new or known to be unstable and under heavy development but are considered usable for casual use or experimentation.
+Apps which have not been checked at all for security and/or are new, known to be unstable or under heavy development.
 
 Requirements:
+^^^^^^^^^^^^^
 
 * no malicious intent found from this developer at any time
 * 0 confirmed security problems
@@ -84,6 +89,7 @@ Requirements:
 * app is signed but no verification has to be done
 
 App store:
+^^^^^^^^^^
 
 * show up in Apps page provided user has enabled "allow installation of experimental apps" in the settings.
 * Warning about security and stability risks show for app
@@ -91,7 +97,7 @@ App store:
 
 Getting an app approved
 =======================
-If you want your app to be approved, make sure you fulfill all the requirements and send an email to XXXX. A team of core ownCloud developers will review your application.
+If you want your app to be approved, make sure you fulfill all the requirements and send an email to the ownCloud `development mailing list <http://mailman.owncloud.org/mailman/listinfo/devel>`_. A team of core ownCloud developers will review your application.
 
 Losing a rating
 ---------------
@@ -106,13 +112,19 @@ App guidelines
 These are the app guidelines an app has to comply with to have a chance to be approved.
 
 Legal and security
+^^^^^^^^^^^^^^^^^^
 
 * Apps can not use 'ownCloud' in their name
-* Irregular and unannounced security audits of all apps can and will take place. If ever any indication of malicious intent is found, the developer(s) can count on a minimum 2 year ban from any ownCloud app infrastructure. Malicious intent includes deliberate spying on users by leaking user data to a third party system, ... (lukas, help out, man! what is evil?)
+* Irregular and unannounced security audits of all apps can and will take place.
+* If any indication of malicious intend or bad fait is found the developer(s) in question can count on a minimum 2 year ban from any ownCloud infrastructure.
+ * Malicious intent includes deliberate spying on users by leaking user data to a third party system or adding a back door (like a hard-coded user account) to ownCloud. An unintentional security bug that gets fixed in time won't be considered bad faith.
 * Apps do not violate any laws; it has to comply with copyright- and trademark law.
 * App authors have to respond timely to security concerns and not make ownCloud more vulnerable to attack.
 
+.. note:: distributing malicious or illegal applications can have legal consequences including, but not limited to ownCloud or affected users taking legal action.
+
 Be technically sound
+^^^^^^^^^^^^^^^^^^^^
 
 * Apps can only use the public ownCloud API
 * At time of the release of an app it can only be configured to be compatible with the latest ownCloud release +1
@@ -120,6 +132,7 @@ Be technically sound
 * Apps should not hamper functionality of ownCloud unless that is explicitly the goal of the app
 
 Respect the users
+^^^^^^^^^^^^^^^^^
 
 * Apps have to follow design and `HTML/CSS layout guidelines <../app/css.html>`_
 * Apps correctly clean up after themselves on uninstall and correctly handle up- and downgrades