[aur-general] Tarball Guidelines
Heiko Baums
lists at baums-on-web.de
Mon Dec 6 05:50:39 CET 2010
Am Sun, 5 Dec 2010 22:58:50 -0500
schrieb keenerd <keenerd at gmail.com>:
> On Sun, Dec 5, 2010 at 10:55 PM, Loui Chang <louipc.ist at gmail.com>
> wrote:
> > The problem is that namcap's implementation is not meant for
> > untrusted PKGBUILDs. Sourcing those build files is a big security
> > flaw, so we can't do that for the AUR.
>
> Thankfully, what I'm doing here does not even look at the pkgbuild.
> It just looks at the directory structure, runs "file" on everything
> and compares this to a (tediously compiled) whitelist. Nothing fancy.
> Would make a lot of sense to have it built in.
>
> -Kyle
> http://kmkeen.com
Are you R.Daneel? And are you flooding several inboxes with such
useless comments regarding "wrong" or "bad" packages just because they
contain some "local" files which are not provided by upstream like a
single icon or a tarball with a ruleset?
Not a good idea.
See e.g. opcion and logcheck. The first is a Java application and
contains one icon for the desktop menu which is not provided by
upstream. The second has some tarballs with rules included which are
also not provided by upstream.
I'm not the maintainer of these packages. But writing such comments for
these packages is just useless and floods needlessly several inboxes of
users who are subscribed to those comments.
Please, don't exaggerate the "QA".
Heiko
More information about the aur-general
mailing list