On 2021-04-11 03:21, George Rawlinson via aur-general wrote:
Hello everyone!
My name is George Rawlinson (grawlinson), and I am applying to be a Trusted User. My sponsors are Morten Linderud (Foxboron) and Sven-Hendrik Haase (svenstaro). They have evaluated my PKGBUILDs and quickly come to the conclusion that they are considered a crime against humanity, but feel free to offer your own opinions. Feedback is always great! Especially if there's something I've overlooked. [...]
Hello, George! Nice to meet you. I took a look at some of your packages and have some feedback for you! ansible-pacman_key - I like that you added PGP signing since you're upstream as well. - License is GPL3, not GPL, which means GPLv2 or any later version [1]. Just a nitpick. leocad - Your cleanup commit makes great improvements when you adopted it. libiconv - Nice job adding PGP verification when adopting - HTTPS source can be used instead of HTTP The rest of the packages I viewed left me without comment, which is good. You've got a good grasp on best practices for packaging! I particularly like how you've heeded the tip on the PKGBUILD wiki page and extracted out an MIT license from a readme for a package without a dedicated file. :) Overall, it looks very good! I've noticed that your commit messages are generally unhelpful, though: They often use a stock "upgpkg: blah" rather than actually telling what work was done. I also took a look at the packages you maintain and intend on bringing into [community]. Most of those Go packages download vendor libraries on buildtime. The Go package guidelines [2] make no mention of vendoring so I'd like to get some clarification from someone else on whether or not this is kosher. [1] https://wiki.archlinux.org/index.php/PKGBUILD#license [2] https://wiki.archlinux.org/index.php/Go_package_guidelines