[aur-general] Tarball Guidelines
Loui Chang
louipc.ist at gmail.com
Mon Dec 6 04:55:02 CET 2010
On Fri 03 Dec 2010 16:54 -0500, David Campbell wrote:
> Excerpts from keenerd's message of 2010-12-03 13:46:10 -0500:
> > If no one can think of a better way to deal with the nonconforming
> > packages, I'll write a bot to post insulting comments. Personally, I
> > really like this solution. The AUR has always had a wild west
> > frontier / insane asylum feel to it. The less regulation, the better
> > it works. But a few well placed suggestions could help make the two
> > thousand maintainers do a better job.
>
> Isn't this the sort of thing namcap was designed for? Maybe
> namcap should be extended to do checks on .src packages, and a
> report could be posted automatically using namcap when someone
> posts a .src package to the AUR.
The problem is that namcap's implementation is not meant for untrusted
PKGBUILDs. Sourcing those build files is a big security flaw, so we
can't do that for the AUR.
More information about the aur-general
mailing list