On Mon, 6 Dec 2010 00:26:22 -0500, keenerd <keenerd@gmail.com> wrote:
> It's an experiment I've been working on for some time. To appease Heiko I've removed all trace of personality and variety from the form message.
In most cases there's a reason for having binaries, icons and the like in a package. And whether such a package actually has bad quality or its contents are necessary can't be decided by a bot. It's pretty much the same as the case when someone thought in the past it was sufficient to just compare two package names and to send a removal request for one of these packages just because a part of the package names is equal, without looking into these packages and without reading the PKGBUILD.

So such a bot can probably help you find possible candidates with bad packaging quality, but you have to verify those packages yourself. So a bot should at the very most create a list of those packages for you, but should definitely not write comments to AUR. Then you should verify the packages on this list by looking into those packages and reading the PKGBUILDs. Only if you then find a package which really doesn't respect the policies can you post a comment for this package manually, or create another list with those packages and let a bot send the comments to the packages on this second list.

But having a bot send such comments just because there's one .desktop file or icon in the package is spam. And think about the responses of the maintainers or other users to those comments. And consider that this spam goes into the inboxes of up to hundreds of people.

Btw., the QA in AUR is usually pretty good, because comments for a package are usually written pretty fast by other users or TUs if a package doesn't respect some guidelines, has bugs or bad quality, or isn't trustworthy. And if a maintainer doesn't respond to such comments or doesn't fix those issues, users usually send an orphan request to the mailing list to be able to fix these issues themselves. So there's usually no need for such a bot.
> I've also come across a bug in the AUR. In short, the tarball URL provided by the RPC interface is different from the tarball taken from the html page. The RPC tarball is *exactly* what was uploaded, while the html tarball has been sanitized. So let's say someone uploads something that is not even a tarball. The AUR fixes this and pushes it to the html. The RPC link goes to the original, and Mr Robot complains. Human looks at html tarball and sees nothing wrong. Confusion abounds. I'll remove those comments.
I don't know how all the AUR scripts like yaourt, aurbuild, clyde etc. retrieve the tarballs from AUR, whether they get them from the HTML or the RPC interface. And I don't know how the HTML interface should sanitize packages and what you actually mean by sanitize. But I have had absolutely no such problems with AUR packages yet.

Heiko