[aur-dev] .SRCINFO: handling of commits lacking an update and in general

Gordian Edenhofer gordian.edenhofer at gmail.com
Sun Jul 26 17:24:30 UTC 2015

On Sun, 2015-07-26 at 19:08 +0200, Marcel Korpel wrote:
> * Gordian Edenhofer <gordian.edenhofer at gmail.com> (Sun, 26 Jul 2015
> 18:34:28 +0200):
> > I am against calculating the .SRCINFO on the server because of the
> > already stated security issues. However I agree that it is a 
> > growing
> > problem for AUR helpers. A reasonable approach would be to at least
> > remind the user through git each time a commit with no .SRCINFO was
> > pushed.
> There already is a hook that tests if .SRCINFO exists, among other
> files:
> https://projects.archlinux.org/aurweb.git/tree/git-interface/git
> -update.py#n218
> Best, Marcel

I am aware of this hook, but I was recommending an additional one which
would check whether the .SRINFO file is updated in the commit. I would
guess the majority of PKGBUILD-modifications affect the .SRCINFO file
and therefore should contain an altered .SRINFO. The proposed hook
could check the pushed commit for an altered .SRCINFO file and would
display a warning if it is not modified.
For those changes which need no amendments to the .SRCINFO the message
could simply be dismissed since the commit is pushed either way.

Best Regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.archlinux.org/pipermail/aur-dev/attachments/20150726/4ef76f67/attachment-0001.asc>

More information about the aur-dev mailing list