On 10/14/18 7:14 PM, Eli Schwartz via aur-general wrote:
> On 10/14/18 5:35 PM, Daniel Bermond via aur-general wrote:
>> I usually don't use pgp on my aur packages because people tend to complain a lot about building issues. They fail to handle the keys and start complaining to the packager, and this is a big stress. When dealing with repository packages this is another story, of course. Since this was raised as a main issue, I'll be adding the pgp checks back again.
>
> It's very simple to handle people who refuse to learn how the AUR works: refuse to acknowledge anything they say, and simply respond with "learn how to makepkg".
>
> Removing pgp checks in the general case is not okay, even if "it's just an AUR package, so no one cares about security because it's all garbage, right?"

Thanks for the suggestions. I'll use pgp whenever possible on aur packages then.

>> I know that we should not use msg2 because it's makepkg internal. But it helps to diagnose user problems by helping to identify at which stage a build error is happening. For sure I can remove it if required to. ;)
>
> I've yet to come across a single justified case of using msg2, anyone who knows how to read an error message in the first place doesn't need this help.
>
> There's no rule against it per se, but I regard it as... messy. Especially in the example Doug indicated, it seems to be wildly overcomplicating the build and package functions.

Ok, I'll be removing msg2 from all my packages, or use printf/echo instead like mentioned by Doug in his message.

--
Best regards,
Daniel Bermond