On Sun, 5 Dec 2010 22:58:50 -0500, keenerd <keenerd@gmail.com> wrote:
On Sun, Dec 5, 2010 at 10:55 PM, Loui Chang <louipc.ist@gmail.com> wrote:
The problem is that namcap's implementation is not meant for untrusted PKGBUILDs. Sourcing those build files is a big security flaw, so we can't do that for the AUR.
Thankfully, what I'm doing here does not even look at the pkgbuild. It just looks at the directory structure, runs "file" on everything and compares this to a (tediously compiled) whitelist. Nothing fancy. Would make a lot of sense to have it built in.
-Kyle http://kmkeen.com
Are you R.Daneel? And are you flooding several inboxes with such useless comments regarding "wrong" or "bad" packages just because they contain some "local" files which are not provided by upstream like a single icon or a tarball with a ruleset? Not a good idea.

See e.g. opcion and logcheck. The first is a Java application and contains one icon for the desktop menu which is not provided by upstream. The second has some tarballs with rules included which are also not provided by upstream.

I'm not the maintainer of these packages. But writing such comments for these packages is just useless and floods needlessly several inboxes of users who are subscribed to those comments. Please, don't exaggerate the "QA".

Heiko
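
The check keenerd describes in the quoted text (walk the tree, classify each file, compare against a whitelist, never source the PKGBUILD), as an added example that is not part of the original thread or of any AUR tooling. A small magic-byte table stands in for `file`, and the whitelist, the names `classify`, `audit` and `make_sample_tree`, and the sample tree are all constructed assumptions.

```python
import os
import tempfile

# Constructed stand-in for file(1): leading magic bytes -> type label.
MAGIC = [(b"\x7fELF", "elf"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"\x1f\x8b", "gzip"), (b"#!", "script")]
# Constructed whitelist; the one mentioned in the thread is not shown there.
ALLOWED = {"text", "png", "script", "empty"}

def classify(path):
    """Label a file from its first bytes. The file is read, never executed."""
    with open(path, "rb") as fh:
        head = fh.read(512)
    if not head:
        return "empty"
    for magic, label in MAGIC:
        if head.startswith(magic):
            return label
    return "data" if b"\0" in head else "text"

def audit(root, allowed=ALLOWED):
    """Return sorted (relative path, label) pairs the whitelist does not cover."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                findings.append((rel, "symlink"))  # never follow links out of the tree
            elif os.path.isdir(full):
                continue
            elif not os.path.isfile(full):
                findings.append((rel, "special"))  # FIFO, socket, device node
            elif (label := classify(full)) not in allowed:
                findings.append((rel, label))
    return sorted(findings)

def make_sample_tree():
    """Build a constructed source tree; the PKGBUILD is treated as plain text."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    samples = {"PKGBUILD": b"pkgname=demo\nbuild() { make; }\n",
               "icon.png": b"\x89PNG\r\n\x1a\n" + b"\0" * 8,
               "rules.tar.gz": b"\x1f\x8b\x08" + b"\0" * 8,
               os.path.join("bin", "helper"): b"\x7fELF" + b"\0" * 12}
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, label in audit(make_sample_tree()):
        print(f"{label:8} {rel}")
```

With the strict whitelist the sample's `rules.tar.gz` is reported next to the ELF binary; passing `ALLOWED | {"gzip"}` as the second argument leaves only the binary.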