On Tue 22 Feb 2011 02:31 +0800, Ray Rashif wrote:
On 22 February 2011 02:06, Lukas Fleischer <archlinux@cryptocrack.de> wrote:
On Tue, Feb 22, 2011 at 02:03:38AM +0800, Ray Rashif wrote:
On 21 February 2011 18:08, Dieter Plaetinck <dieter@plaetinck.be> wrote:
On Mon, 21 Feb 2011 10:47:50 +0100 Lukas Fleischer <archlinux@cryptocrack.de> wrote:
The official Arch Linux AUR setup has been upgraded to 1.8.0. For a short list of changes, read [1].
Please report any issues on the AUR bug tracker [2].
[1] http://mailman.archlinux.org/pipermail/aur-dev/2011-February/001433.html [2] https://bugs.archlinux.org/index.php?project=2
what's the reasoning behind no longer showing all files in the "source package"? I found this feature quite useful.
I've _always_ used this, almost on every package I came across. I don't want to be downloading anything I just want to take a rough look at. Would be good to have this back in some way or another. Brainstorm!
Did you read all my replies on this topic? If you still think that this should be implemented no matter what, you'd better open a feature request on the bug tracker.
You do not really address this issue aside from shrugging it off as an unneeded feature that costs one or two vulnerabilities. If it was really that useless it would not have been implemented in the first place. The loopholes are real, but the feature should not be forgotten.
I will leave it up to the community to file a request to have this back, because with that we can really see whether it actually is as useful as a few of us claim :)
As another AUR developer I will echo Lukas' statements. Actually, even if there were no security issues I would support this change one hundred percent. Functionality needs to be moved to the clients for the better future of the AUR. Let's not think of the AUR as a mere webapp. I understand that there will be some growing pains, some users may not really like or understand why certain changes are being made. I did anticipate this, and that's one reason why I asked that the PKGBUILD still be available for easy viewing. Think of it as a screenshot - it will give you a glimpse into the package but not the whole idea. You will need to download it for that.