On 18/10/2020 17:39, Tim Meusel via aur-general wrote:
Hi!
I'm Tim Meusel and I want to spent more time in the Arch Linux community and increase the package quality. I first got in touch with open source some years ago in the Puppet Community [0] where I started to love Puppet and FOSS. At the moment I'm employed at a big ISP where I maintain a few thousand systems. My solution of choice for configuration management is Puppet because it fulfills all requirements and is easy to extend. For a few projects I require up2date systems with modern software, that's why i choose Arch Linux. Since Puppet was already present in the company, the Arch Linux boxes were puppetized as well. I wrote or contributed to multiple packages related to Puppet on Arch Linux. foxxx0 and shibumi were so kind to continue maintaining them in the official repositories:
Yay, I like seeing applications who want to help maintain packages which are already in our repositories! Some notes on your AUR packages: * choria-io - 'github.com/choria-io/go-choria/build.BuildDate=$(date '+%F %T %z')' Recording the build date is non reproducible, will give reproducibility issues. SOURCE_DATE_EPOCH can be used to make it reproducible, see https://reproducible-builds.org/docs/source-date-epoch/ - systemd unit could have some systemd hardening applied, see the wiki or 'man systemd.exec' https://wiki.archlinux.org/index.php/Arch_package_guidelines/Security#System... * log4r - Package lacks a license=(), upstream url is no longer valid it seems? * tftp-hpa-destruct - systemd service could use some hardening - how did you obtain the LICENSE file? From their official website? It's interesting it's not in the official tarball :) Greetings, Jelle