Marketplace signals and program eligibility
Configurable egress / remotes enable partners to deliver more flexible apps which increase customer trust by enabling them to better understand and control how their data is managed. With that said, the ability to share data remotely would preclude these apps from being eligible for Runs on Atlassian in the program’s current definition and state.
This RFC will not explore the impacts of the utilisation of this capability on RoA or other marketplace signals at this time.
Quoting from here.
If this inconsistency isn’t addressed before these features become available to customers, the whole point of RoA will be lost: an app with REST APIs can share data remotely. For sure, it will be on the customer to decide who and what can call those APIs, but isn’t it exactly the same with optional/configurable egress?
| | REST API | Optional egress |
|---|---|---|
| Customer decides who uses it | Yes | Yes |
| Customer can disable it | Yes | Yes |
| Can send data out to 3rd parties | Yes | Yes |
| Guarantees data residency | No | No |
| On by default | Yes | Yes |
| RoA | Yes | No |
Make it make sense, because I can’t