On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:

Hello everyone,

Formalities first, Christian Rebischke (Shibumi) is sponsoring my application, although I'd like to thank so many people for their feedback, help, guidance and counsel in all-things-Arch*.

My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate from New York University. My research focuses on securing the dev-ops pipeline/supply chain, which includes work on package manager security, version control system security, securing container orchestrators, reproducible builds, so on and so forth. It is not a coincidence that all of these relate strongly with Linux; I believe the Linux environment pretty much shaped my professional career since I was in High School.

I've been a GNU/Linux user for more than I can remember, although I started using it exclusively circa 2011. I started using Debian, Mint and Ubuntu interchangeably for a couple of years and, as time passed, I started to develop personal scripts and unscrew my deterministically-broken distro (I still remember my hook to fix the fglrx install every time X was updated). This experience threw me to the other side, and for a while I thought I could maintain my own LFS-based distribution with scripts of this sort, which led me to learn a lot about what *not* to do when managing packages. However, It was when I finally decided to give Arch a serious try (around 2014) that I found myself enamored with not only the toolchains, but the community and the philosophy behind the distribution --- I'm now a strong supporter of the Arch Way(tm) thanks to all the leasons learned through the winding roads of linux-system-administration.

Although I've always been an assiduous user of the AUR, not only using but writing my own PKGBUILDs, It was only until recently (about 8 months now), that I've been working towards becoming more familiar with the package ecosystem with the end goal of becoming a TU. I've received feedback from many members on the community on how to fix, extend and follow best practices on writing PKGBUILDS which I believe has improved their quality[2].

Besides maintaining packages I've been contributing to other aspects of the Arch Linux ecosystem for about three years now. I've participated in the security team almost since its inception, by providing code to the tracker, tracking CVE's and sending advisories. Likewise, I've been a tester for more than a year. I've also participated (although not as much as I've wanted) on the archlinux-reproducible efforts. Finally, I've worked along with shibumi and Pierre in making an automated build of an official Archlinux Docker image. Beyond Arch Linux, I'm a committer to projects like reproducible-builds.org[3], Briar[4], neomutt[5], and The Update Framework (TUF)[6], among others[7].

There are two main reasons for this application to become a TU. First, I want to contribute *more* to a community that has given me so much, and I'm certain that helping packaging tools for everyone in the community repository will only improve the overall user experience. Second, and most importantly, I want to expand the offer of packages in the official repositories.

Concretely, I want to maintain the following packages:

- Orphaned packages (I'm a regular user of these): - giblib (currently on extra) - python-pylint (currently on extra) - uthash - znc - cvf - netctl (?! currently on core, so I suspect I can't maintain this one) - python-opencl/pyopencl-headers

- I'd love to co-maintain some packages that have a packager right now**: - radare-cutter - hub - rtl-sdr - maven

- I intend to move the following packages from the AUR: - reprotest - git-latexdiff - python-rstr - python2-grip - inxi - plex-fonts

Needless to say, I'm open to discussion on this list. I can extend it with any suggested packages, or discard any packages that aren't deemed popular enough.

On a less technical, serious note, I love playing guitar! I have a band and we play progressive, shoegaze, and math-rock. I also like cycling, and reading on pretty much anything. I'm a Rust fanboy and I'm re-learning Verilog, as I'm hoping to play around with the RISC-V ISA and emulate TPM's and other trusted hardware designs.

Thanks, -Santiago (Sangy) Torres-Arias

[1] https://badhomb.re [2] https://aur.archlinux.org/account/sangy [3] https://reproducible-builds.org [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits [5] https://briarproject.org [6] https://theupdateframework.com [7] https://github.com/santiagotorres

* Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1, Tigrmesh, meskarune et al.! ** This is the first time I make this public, so there's no commitment from the current packager at all

Hello everybody, I confirm my sponsorship for sangys application. Let's begin the discussion period. chris

Em julho 22, 2018 16:35 Santiago Torres-Arias via aur-general escreveu:

- Orphaned packages (I'm a regular user of these): - giblib (currently on extra) - python-pylint (currently on extra) - uthash - znc - cvf - netctl (?! currently on core, so I suspect I can't maintain this one) - python-opencl/pyopencl-headers

- I'd love to co-maintain some packages that have a packager right now**: - radare-cutter - hub - rtl-sdr - maven

- I intend to move the following packages from the AUR: - reprotest - git-latexdiff - python-rstr - python2-grip - inxi - plex-fonts

Needless to say, I'm open to discussion on this list. I can extend it with any suggested packages, or discard any packages that aren't deemed popular enough.

On a less technical, serious note, I love playing guitar! I have a band and we play progressive, shoegaze, and math-rock. I also like cycling, and reading on pretty much anything. I'm a Rust fanboy and I'm re-learning Verilog, as I'm hoping to play around with the RISC-V ISA and emulate TPM's and other trusted hardware designs.

Hi Sangy, Glad to hear you finally applied to become a TU. Creepy stuff with the confirmation from shibumi coming before your application. I have adopted znc, because I didn't knew it was orphan. I have now officially made a calendar entry to look at orphans monthly. I'm glad to have you co-maintaining, if you get elected, however. I'm a hardcore user of znc as well. Good luck, Giancarlo Razzolini

On Sun 22.07.18 - 15:35, Santiago Torres-Arias via aur-general wrote:

- Orphaned packages (I'm a regular user of these): - netctl (?! currently on core, so I suspect I can't maintain this one)

netctl is maintained by Jouke who maintains the netctl code. We only build and push the package, but he handles all bugs because the PKGBUILD we use is actually part of the netctl git repo, but since he isn't a a normal dev he can't adopt it on archweb so it's listed as orphan. Florian

On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:

Hello everyone,

Formalities first, Christian Rebischke (Shibumi) is sponsoring my application, although I'd like to thank so many people for their feedback, help, guidance and counsel in all-things-Arch*.

My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate from New York University. My research focuses on securing the dev-ops pipeline/supply chain, which includes work on package manager security, version control system security, securing container orchestrators, reproducible builds, so on and so forth. It is not a coincidence that all of these relate strongly with Linux; I believe the Linux environment pretty much shaped my professional career since I was in High School.

I've been a GNU/Linux user for more than I can remember, although I started using it exclusively circa 2011. I started using Debian, Mint and Ubuntu interchangeably for a couple of years and, as time passed, I started to develop personal scripts and unscrew my deterministically-broken distro (I still remember my hook to fix the fglrx install every time X was updated). This experience threw me to the other side, and for a while I thought I could maintain my own LFS-based distribution with scripts of this sort, which led me to learn a lot about what *not* to do when managing packages. However, It was when I finally decided to give Arch a serious try (around 2014) that I found myself enamored with not only the toolchains, but the community and the philosophy behind the distribution --- I'm now a strong supporter of the Arch Way(tm) thanks to all the leasons learned through the winding roads of linux-system-administration.

Although I've always been an assiduous user of the AUR, not only using but writing my own PKGBUILDs, It was only until recently (about 8 months now), that I've been working towards becoming more familiar with the package ecosystem with the end goal of becoming a TU. I've received feedback from many members on the community on how to fix, extend and follow best practices on writing PKGBUILDS which I believe has improved their quality[2].

Besides maintaining packages I've been contributing to other aspects of the Arch Linux ecosystem for about three years now. I've participated in the security team almost since its inception, by providing code to the tracker, tracking CVE's and sending advisories. Likewise, I've been a tester for more than a year. I've also participated (although not as much as I've wanted) on the archlinux-reproducible efforts. Finally, I've worked along with shibumi and Pierre in making an automated build of an official Archlinux Docker image. Beyond Arch Linux, I'm a committer to projects like reproducible-builds.org[3], Briar[4], neomutt[5], and The Update Framework (TUF)[6], among others[7].

There are two main reasons for this application to become a TU. First, I want to contribute *more* to a community that has given me so much, and I'm certain that helping packaging tools for everyone in the community repository will only improve the overall user experience. Second, and most importantly, I want to expand the offer of packages in the official repositories.

Concretely, I want to maintain the following packages:

- Orphaned packages (I'm a regular user of these): - giblib (currently on extra) - python-pylint (currently on extra) - uthash - znc - cvf - netctl (?! currently on core, so I suspect I can't maintain this one) - python-opencl/pyopencl-headers

- I'd love to co-maintain some packages that have a packager right now**: - radare-cutter - hub - rtl-sdr - maven

- I intend to move the following packages from the AUR: - reprotest - git-latexdiff - python-rstr - python2-grip - inxi - plex-fonts

Needless to say, I'm open to discussion on this list. I can extend it with any suggested packages, or discard any packages that aren't deemed popular enough.

On a less technical, serious note, I love playing guitar! I have a band and we play progressive, shoegaze, and math-rock. I also like cycling, and reading on pretty much anything. I'm a Rust fanboy and I'm re-learning Verilog, as I'm hoping to play around with the RISC-V ISA and emulate TPM's and other trusted hardware designs.

Thanks, -Santiago (Sangy) Torres-Arias

[1] https://badhomb.re [2] https://aur.archlinux.org/account/sangy [3] https://reproducible-builds.org [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits [5] https://briarproject.org [6] https://theupdateframework.com [7] https://github.com/santiagotorres

* Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1, Tigrmesh, meskarune et al.! ** This is the first time I make this public, so there's no commitment from the current packager at all

The discussion period is over, please vote: https://aur.archlinux.org/tu/?id=107 Best regards Chris

On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:

Hello everyone,

Formalities first, Christian Rebischke (Shibumi) is sponsoring my application, although I'd like to thank so many people for their feedback, help, guidance and counsel in all-things-Arch*.

My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate from New York University. My research focuses on securing the dev-ops pipeline/supply chain, which includes work on package manager security, version control system security, securing container orchestrators, reproducible builds, so on and so forth. It is not a coincidence that all of these relate strongly with Linux; I believe the Linux environment pretty much shaped my professional career since I was in High School.

I've been a GNU/Linux user for more than I can remember, although I started using it exclusively circa 2011. I started using Debian, Mint and Ubuntu interchangeably for a couple of years and, as time passed, I started to develop personal scripts and unscrew my deterministically-broken distro (I still remember my hook to fix the fglrx install every time X was updated). This experience threw me to the other side, and for a while I thought I could maintain my own LFS-based distribution with scripts of this sort, which led me to learn a lot about what *not* to do when managing packages. However, It was when I finally decided to give Arch a serious try (around 2014) that I found myself enamored with not only the toolchains, but the community and the philosophy behind the distribution --- I'm now a strong supporter of the Arch Way(tm) thanks to all the leasons learned through the winding roads of linux-system-administration.

Although I've always been an assiduous user of the AUR, not only using but writing my own PKGBUILDs, It was only until recently (about 8 months now), that I've been working towards becoming more familiar with the package ecosystem with the end goal of becoming a TU. I've received feedback from many members on the community on how to fix, extend and follow best practices on writing PKGBUILDS which I believe has improved their quality[2].

Besides maintaining packages I've been contributing to other aspects of the Arch Linux ecosystem for about three years now. I've participated in the security team almost since its inception, by providing code to the tracker, tracking CVE's and sending advisories. Likewise, I've been a tester for more than a year. I've also participated (although not as much as I've wanted) on the archlinux-reproducible efforts. Finally, I've worked along with shibumi and Pierre in making an automated build of an official Archlinux Docker image. Beyond Arch Linux, I'm a committer to projects like reproducible-builds.org[3], Briar[4], neomutt[5], and The Update Framework (TUF)[6], among others[7].

There are two main reasons for this application to become a TU. First, I want to contribute *more* to a community that has given me so much, and I'm certain that helping packaging tools for everyone in the community repository will only improve the overall user experience. Second, and most importantly, I want to expand the offer of packages in the official repositories.

Concretely, I want to maintain the following packages:

- Orphaned packages (I'm a regular user of these): - giblib (currently on extra) - python-pylint (currently on extra) - uthash - znc - cvf - netctl (?! currently on core, so I suspect I can't maintain this one) - python-opencl/pyopencl-headers

- I'd love to co-maintain some packages that have a packager right now**: - radare-cutter - hub - rtl-sdr - maven

- I intend to move the following packages from the AUR: - reprotest - git-latexdiff - python-rstr - python2-grip - inxi - plex-fonts

Needless to say, I'm open to discussion on this list. I can extend it with any suggested packages, or discard any packages that aren't deemed popular enough.

On a less technical, serious note, I love playing guitar! I have a band and we play progressive, shoegaze, and math-rock. I also like cycling, and reading on pretty much anything. I'm a Rust fanboy and I'm re-learning Verilog, as I'm hoping to play around with the RISC-V ISA and emulate TPM's and other trusted hardware designs.

Thanks, -Santiago (Sangy) Torres-Arias

[1] https://badhomb.re [2] https://aur.archlinux.org/account/sangy [3] https://reproducible-builds.org [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits [5] https://briarproject.org [6] https://theupdateframework.com [7] https://github.com/santiagotorres

* Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1, Tigrmesh, meskarune et al.! ** This is the first time I make this public, so there's no commitment from the current packager at all

The results are in... Yes: 29 No: 3 Abstain: 8 Total: 40 Particiaption: 83.33% Congratulations Santiago, you've got accepted as Trusted User. Welcome on board. Chris / shibumi