On 14-01-07, Lukas Fleischer wrote:
Hi,
I think the idea of integrating Git with the AUR [1] is a very good one and should be a milestone for the 3.0.0 release. The idea is to create a Git repository per package.
Pros:
* Full history of each AUR package, even if the maintainer changes.
* Lays the foundations for supporting multiple maintainers per package.
* Makes it easier to contribute patches (see git-format-patch(1), branches and pull requests).
* cgit might do quite a lot of the work required on the front-end side. PKGBUILD previews, history view, tarball generation, Git clone support, ...
* Updating packages will be easier (`git pull` followed by `makepkg -i` instead of doing all the work from the web browser or via an AUR helper).
Cons:
* Needs more space on the AUR server. Currently, an AUR package uses ~17KiB on the official Arch Linux AUR server. This will probably increase by a factor of 10. Shouldn't be too problematic unless we get a lot of new packages or a lot of updates.
* More load on the AUR server. Especially if we no longer store tarballs but use cgit to generate them on the fly (needs to be discussed).
Migration should be easy since we can use a small shell script to convert all packages into Git repositories.
The first idea is to slightly change the package submission process to extract the whole tarball, parse the PKGBUILD and do a Git commit with the tarball content. There will be an additional text field to enter a (part of the) commit message that is used. As mentioned above, all package repositories will be accessible via cgit. The PKGBUILD preview (and maybe also the tarball download) will be replaced with a simple link to cgit.
Later, we should think of how to add support for git-push(1). The main issues are
* Authentication: Virtual accounts, somehow connected to the AUR DB?
* Integration of the PKGBUILD/.AURINFO parser: Git hook?
* DoS protection: Quotas, ...
I don't think we should support `git-push` at all. The reasons are simple:
* Git allows overwriting the history by doing a force push (`git push -f`). As a community PKGBUILD publishing platform, the Git history of a PKGBUILD should not be allowed to be tampered with, whether accidentally or intentionally; it should reflect how the PKGBUILD evolved from the start, not the one someone carefully crafted.
* Changed history will cause conflicts on `git pull`, which is not something we want to deal with every day.
Instead, we should stick to `src.tar.gz` tarball submission and make the Git commit on the server. At least, push access should not be granted to normal users, only to TUs.
Any comments and suggestions are welcome!
Regards, Lukas
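
The history-rewriting concern raised in the reply can also be enforced on the receiving side. The following is an added example, not part of the original thread or of the AUR code: a server-side Git `update` hook that keeps a package repository append-only. The function names `check_update` and `is_zero_oid` are assumptions chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): body of a server-side `update` hook.
# Git runs hooks/update once per pushed ref as:
#     update <refname> <old-oid> <new-oid>
# A non-zero exit status rejects the update of that ref.
# Git's built-in settings receive.denyNonFastForwards and receive.denyDeletes
# express the same policy without a hook.

is_zero_oid() {
    # An all-zero object id means "ref does not exist" (creation or deletion).
    case "$1" in
        *[!0]*) return 1 ;;
        *)      return 0 ;;
    esac
}

check_update() {
    refname=$1 old=$2 new=$3

    if is_zero_oid "$new"; then
        echo "rejected: deleting $refname is not allowed" >&2
        return 1
    fi
    if is_zero_oid "$old"; then
        return 0    # new ref: there is no earlier history to rewrite
    fi
    # Fast-forward only: the old tip must be an ancestor of the new tip.
    # A force push that rewrites or rewinds history fails this check.
    if ! git merge-base --is-ancestor "$old" "$new"; then
        echo "rejected: non-fast-forward update of $refname" >&2
        return 1
    fi
    return 0
}

# When installed as hooks/update, Git supplies exactly three arguments.
if [ "$#" -eq 3 ]; then
    check_update "$@" || exit 1
fi
```
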