On 07/12/2018 01:47 PM, Filipe Laíns via aur-general wrote:
Hello,
My name is Filipe Laíns. You might also know me by my alias, FFY00.
I am applying to be a Trusted User with Dan Printzell's (Wild) sponsorship.
It's always nice to see people eager to contribute more, good luck!
(synology-cloud-station-drive) This is a drive client for Synology devices[6].
We'll need permission from them for binary redistribution with all-rights-reserved software... they pretty specifically only offer single-user personal licenses to download, install, and run one copy from them alone. Like most proprietary EULA'ed software. ... On to the ztrawhcse review! I gave Filipe some advice over IRC prior to his application. As a result, many packages had their srcdir/pkgdir quoting fixed, or renamed sources to cooperate with shared $SRCDEST, or fixed style nits with inconsistently quoted variables As of the last time I checked, although some packages may be fixed already, the following issues were discovered... antlr3: - you updated the source to HTTPS on my advice, but forgot the url babl-git: - !libtool is not needed to build, and comes as default anyway these days - ./autogen.sh should be moved to prepare, and moved to autoreconf -fi if at all possible. In this case, it's a wrapper for autoreconf already :) cellular-network-configs-git: - unquoted srcdir/pkgdir cm256cc: - are the mv commands needed or not? - depends on boost but may only need that as makedepends, see if runtime depends could get away with only boost-libs dump1090-mutability-git: - unquoted srcdir/pkgdir - source should clone over git+https:// for TLS certificate checking - install script should switch to using systemd-sysusers - install script should not delete users on uninstall as this can be a security risk: https://www.archlinux.org/todo/usergroup-management/ - consider just using systemd DynamicUsers to run the service evernote-sdk-python: - patching should be done in prepare not build - should run python setup.py build in build before running install in package franz: - electron apps should use the system electron if possible - architecture-dependent binaries should go in /usr/lib not /usr/share - try to get desktop file into upstream project - should not conflict the bin package -- that is the bin package's job gdc1-bin: - sources should use HTTPS gdc-bin: - unquoted srcdir/pkgdir - sources should use HTTPS gdc-git: - unquoted srcdir/pkgdir - sources should use HTTPS - binutils is in base-devel and should not be a makedepends gegl-git: - autogen.sh in build should be moved to autoreconf -fi in prepare gimp-git: - url should be HTTPS - move sed'ing of configure.ac, autogen, to prepare and use autoreconf gr-limesdr-git: gr-limesdr: - MIT license must be installed in package inspectrum: - style: license array sticks out like a sore thumb by not being quoted like the surrounding variables - pkg-config is in base-devel and should not be a makedepends cellular-network-configs-git: evernote-sdk-python: gr-limesdr-git: gr-limesdr: limesuite: lime-tools-git: lms7002m-driver-git: - style: arch array sticks out like a sore thumb by not being quoted like the surrounding variables me-edit: - should build from source - don't use specific sourceforge mirror to download - wrapper script does not need to popd right before exiting a script - wrapper script would be better off symlinking to /usr/bin/ if possible mitmproxy-git: - unquoted pkgdir - MIT license must be installed in package - should run testsuite like community package does - should use system certifates instead of certifi, like community package does nodejs-nan: - should build from source tarball instead of pulling from the server at buildtime - nodejs packages need to fix non-deterministic chmod 777 on directories, see https://wiki.archlinux.org/index.php/Node.js_package_guidelines and https://github.com/npm/npm/issues/9359 pantheon-mail: - stable releases do not replace bzr packages pulseaudio-equalizer-ladspa: - renamed to unique sources on my advice, but dropped the .tar.gz pylms7002m-git: - unquoted srcdir pylms8001-git: - unquoted srcdir python2-entrypoints: - instead of downloading setup.py from git master of some fork, use the PyPI releases, for which flit has generated one for you. Or use flit. python2-keyrings-alt: - wrong url python2-secretstorage: - BSD license must be installed in package qspectrumanalyzer-git: - uses setuptools entry points so setuptools is a runtime dependency qt5-quick1-git: - should use #branch=dev for source instead of checking it out later qt5-quick1: - pinned to a git tag, then immediately checks out some branch??? redmine: - source/url should use HTTPS - $_instdir can contain spaces (based on $pkgdir) and must be quoted rivalcfg: rivalcfg-git: - setup.py contains setuptools entry points so setuptools is a runtime dependency - install script should be taken care of by udev + reload hook from systemd sdrangel-git: sdrangel: serialdv: soapyosmo: soapyrtlsdr: soapysdr: soapyuhd: - incorrectly marked as 'any' package soapyosmo: - GPLv3 license should be GPL3 soapyrtlsdr: - MIT license must be installed in package soapysdr: - Boost license is a common license in the 'licenses' package sparta: - url should use HTTPS - nmap/hydra seem to be optdepends, not makedepends ttf-d2coding: - OFL is not installed in the licenses package, so must be installed in this one - font packages don't intrinsically depend on fontconfig, fontconfig-using applications are among those that read font files should not provide/conflict itself - url is a redirect to the website's main page over HTTPS, find a better link vr180-creator: - electron app with no links to source is marked as MIT for the electron component, source archive contains binary node modules so cannot debundle electron without source, cannot find license for app itself writefull: - proprietary app using electron is marked as MIT, app.asar contains binary robotjs and spellchecker modules which can probably be rebuilt against and use system electron package - arch-dependent binaries should be installed to /usr/lib not /usr/share -- Eli Schwartz Bug Wrangler and Trusted User