[aur-general] Trusted User Application

Ronald van Haren pressh at gmail.com
Tue Jun 3 11:32:32 EDT 2008


On Tue, Jun 3, 2008 at 5:13 PM, Sebastian Nowicki <sebnow at gmail.com> wrote:
>
> On 03/06/2008, at 1:18 AM, Alessio Bolognino wrote:
>
>> On Tue 2008-06-03 01:08, Sebastian Nowicki wrote:
>>>
>>> On 02/06/2008, at 3:43 PM, Loui wrote:
>>
>>>> - try to avoid custom variables (_pkgdata). It is not needed and it
>>>> only appears once.
>>>
>>> Is that really such a bad thing? I just want to make it clear, since I've
>>> been a bit confused about it for a while now. As far as I can tell the only
>>> reason not to use custom variables is that the current AUR code base
>>> doesn't support them (or maybe it does now?), so URLs and such have
>>> unparsed variables in them. Apart from that I don't see any problems with
>>> them, as long as it is made sure that they won't conflict with existing
>>> package, and using an underscore will do that.
>>
>> What's the point of using a variable if it never changes and it is used
>> only once?
>
> In this case it's not really necessary, I agree, but I was asking about the
> general use of "private" variables.
>
>



On Mon, Jun 2, 2008 at 7:08 PM, Sebastian Nowicki <sebnow at gmail.com> wrote:
>
> Is that really such a bad thing? I just want to make it clear, since I've
> been a bit confused about it for a while now. As far as I can tell the only
> reason not to use custom variables is that the current AUR code base doesn't
> support them (or maybe it does now?), so URLs and such have unparsed
> variables in them. Apart from that I don't see any problems with them, as
> long as it is made sure that they won't conflict with existing package, and
> using an underscore will do that.
>
>

From the AUR Packaging guidelines
(http://wiki.archlinux.org/index.php/Arch_Packaging_Standards):

Do not introduce new variables into your PKGBUILD build scripts,
unless the package cannot be built without doing so, as these could
possibly conflict with variables used in makepkg itself. If a new
variable is absolutely required, prefix the variable name with an
underscore

As we want others to follow these guidelines I think we as TUs should
also do so as people can use our PKGBUILDs as a guideline.

The main reason not to like custom variables is that it is not easy to
read when checking if a PKGBUILD is safe when you get it from AUR. You
see a custom variable in the build{} part and you have to search in
the PKGBUILD what this variable means (clearly our custom variables
can be trusted (hence trusted users), but for other users one can
easily slip a 'rm -rf /' or something in it (no, it has never happened,
but still)).

I would say be a good example for other users unless there is really
an advantage on both sides of the chain.
When a custom variable appears a number of times in the build{} field
I think it is not bad to use a custom variable so you only have to
change it once (if it is a number for example), but if it appears only
one time there is just no point in using one.
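
An added example, not part of the original message or of any AUR tooling: a reviewer's helper for the check described above. It reads a PKGBUILD as text (it never sources it), lists every non-standard variable with its value and use count, and flags the cases the thread and the quoted guideline raise, plus expansions used as a command. The names `audit_pkgbuild`, `STANDARD` and `SAMPLE` are hypothetical, and the list of standard variables is a partial, assumed one.

```python
import re

# Names makepkg defines or reads (partial list, assumed for this example).
STANDARD = set("""pkgname pkgver pkgrel pkgdesc arch url license groups
depends makedepends optdepends provides conflicts replaces backup options
install source noextract md5sums startdir srcdir pkgdir""".split())

ASSIGN = re.compile(r"^[ \t]*([A-Za-z_]\w*)=(.*)$", re.M)

def audit_pkgbuild(text):
    """List non-standard variables by reading the text; nothing is sourced."""
    findings = {}
    for name, value in ASSIGN.findall(text):
        if name in STANDARD or name in findings:
            continue
        ref = r"\$\{?" + re.escape(name) + r"\b"   # $name or ${name...}
        uses = len(re.findall(ref, text))
        notes = []
        if not name.startswith("_"):
            notes.append("no underscore prefix")
        if uses <= 1:
            notes.append("used %d time(s), inline it" % uses)
        # An expansion as the first word of a line runs the value as a command.
        if re.search(r'^[ \t]*"?' + ref, text, re.M):
            notes.append("expanded in command position")
        findings[name] = {"value": value.strip(), "uses": uses, "notes": notes}
    return findings

# Constructed PKGBUILD for illustration; not taken from the AUR.
SAMPLE = '''\
pkgname=example
pkgver=1.0
_pkgdata=example-data
helper=contrib
_clean="rm -rf $srcdir/tmp"
source=(http://example.org/$pkgname-$pkgver.tar.gz
        http://example.org/$_pkgdata-$pkgver.tar.gz)

build() {
  cd "$srcdir/$pkgname-$pkgver"
  $_clean
  make DESTDIR="$pkgdir" install
  cp -r "$helper" "$pkgdir/usr/share/$pkgname/$helper"
}
'''

if __name__ == "__main__":
    for name, info in audit_pkgbuild(SAMPLE).items():
        print(name, "=", info["value"], "|", "; ".join(info["notes"]))
```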



