On 2021-04-11 03:21, George Rawlinson via aur-general wrote:
My name is George Rawlinson (grawlinson), and I am applying to be a Trusted User. My sponsors are Morten Linderud (Foxboron) and Sven-Hendrik Haase (svenstaro). They have evaluated my PKGBUILDs and quickly come to the conclusion that they are considered a crime against humanity, but feel free to offer your own opinions. Feedback is always great! Especially if there's something I've overlooked. [...]
Hello, George! Nice to meet you.
I took a look at some of your packages and have some feedback for you!
- I like that you added PGP signing since you're upstream as well. - License is GPL3, not GPL, which means GPLv2 or any later version . Just a nitpick.
- Your cleanup commit makes great improvements when you adopted it.
- Nice job adding PGP verification when adopting - HTTPS source can be used instead of HTTP
The rest of the packages I viewed left me without comment, which is good. You've got a good grasp on best practices for packaging! I particularly like how you've heeded the tip on the PKGBUILD wiki page and extracted out an MIT license from a readme for a package without a dedicated file. :)
Overall, it looks very good! I've noticed that your commit messages are generally unhelpful, though: They often use a stock "upgpkg: blah" rather than actually telling what work was done.
I also took a look at the packages you maintain and intend on bringing into [community]. Most of those Go packages download vendor libraries on buildtime. The Go package guidelines  make no mention of vendoring so I'd like to get some clarification from someone else on whether or not this is kosher.