[aur-dev] Git repositories for AUR packages

Kevin Ott supercodingmonkey at gmail.com
Tue Jun 24 03:32:11 EDT 2014


On Tuesday, June 24, 2014 03:20:08 PM 郑文辉 wrote:

> > Using Git hooks, the .AURINFO metadata of a package is parsed when
> > pushing and the AUR package database is updated accordingly. Hooks will
> > also take care of checking the tree objects for huge files etc. The
> > receive.denyNonFastForwards configuration option will be enabled to
> > prevent users from rewriting the history.
> 
> Any thought on package history policy? Does the maintainer to be
> allowed to rewrite/alter the git history of package? As far as I know,
> git does not forbid this kind of things, so, what if a ill-intended
> guy replace the history of a package with his well-crafted history,
> and completely wiped out the change log of the original package? What
> is our pollicy or measures on this? From my point of the view, the
> history of a package is the essiential part of the AUR, which we can
> know hos the package is envolved and perfacted.

Just a quick note since the history rewrite question was answered already in
a section you quoted:
"The receive.denyNonFastForwards configuration option will be enabled to
prevent users from rewriting the history."

This was also brought up in the discussions leading to this [1] [2] so if you haven't
read through them yet, I recommend it. Most edge-cases have already been
considered, so the answers to your other questions may be there.

-Kevin Ott

[1] https://mailman.archlinux.org/pipermail/aur-dev/2013-March/002411.html
[2] https://mailman.archlinux.org/pipermail/aur-dev/2014-January/002592.html


More information about the aur-dev mailing list