Hi Robin, On Wed, 2024-05-08 at 12:30 +0200, Robin Candau wrote:
Nice journey, congrats!
Thanks!
Yet another Rust fan, they are everywhere! /o\
I'd say there are literally dozens of us, but I just spent the past two days at a conference with a few hundred, so the lower bound needs to be a bit higher.
the only things I can raise at first glance is that some packages are still using `md5sums` or `sha1sums` where we now usually prefer a stronger hash algorithm (but here again, that's a detail)
Fixed for everything but 1. git packages as they don't have checksums anyway, and 2. trang, as upstream specifically published SHA1 hashes for release artefacts.
and that the migrant PKGBUILD is skipping checksums because it is using a git source while makepkg can now generate checksums for such sources :) (You might as well switch from `commit=commit_hash` to `tag=$pkgver`).
That's only one of very many issues the migrant package had, and I submitted PRQ#58526 [1] to delete it, though I forgot to remove it from my repo. Did that now! Jakub did point out to me that git sources support checksums now while discussing the plotly PKGBUILD. [2]
I think Bert would be a great addition to the team!
Appreciate the reception so far :) Bert. [1]: https://lists.archlinux.org/archives/list/aur-requests@lists.archlinux.org/m... [2]: https://aur.archlinux.org/packages/python-plotly