On Sun, 2015-07-26 at 19:08 +0200, Marcel Korpel wrote:
* Gordian Edenhofer <gordian.edenhofer@gmail.com> (Sun, 26 Jul 2015 18:34:28 +0200):
I am against calculating the .SRCINFO on the server because of the already stated security issues. However I agree that it is a growing problem for AUR helpers. A reasonable approach would be to at least remind the user through git each time a commit with no .SRCINFO was pushed.
There already is a hook that tests if .SRCINFO exists, among other files: https://projects.archlinux.org/aurweb.git/tree/git-interface/git -update.py#n218
Best, Marcel
I am aware of this hook, but I was recommending an additional one which would check whether the .SRINFO file is updated in the commit. I would guess the majority of PKGBUILD-modifications affect the .SRCINFO file and therefore should contain an altered .SRINFO. The proposed hook could check the pushed commit for an altered .SRCINFO file and would display a warning if it is not modified. For those changes which need no amendments to the .SRCINFO the message could simply be dismissed since the commit is pushed either way. Best Regards, Gordian