[aur-general] Tarball Guidelines
atsutane at freethoughts.de
Mon Dec 6 17:31:52 CET 2010
On Sun, 5 Dec 2010 22:58:50 -0500
keenerd <keenerd at gmail.com> wrote:
> On Sun, Dec 5, 2010 at 10:55 PM, Loui Chang <louipc.ist at gmail.com>
> > The problem is that namcap's implementation is not meant for
> > untrusted PKGBUILDs. Sourcing those build files is a big security
> > flaw, so we can't do that for the AUR.
> Thankfully, what I'm doing here does not even look at the pkgbuild.
> It just looks at the directory structure, runs "file" on everything
> and compares this to a (tediously compiled) whitelist. Nothing fancy.
> Would make a lot of sense to have it built in.
Hm dunno how your Bot works but is there a way to read the size from a
png file for it and say everything larger than x*y pixels shall be
removed? If not there's still the way to say everything > x KB shall be
removed. The rules need to be modified to this anyway, however as Heiko
already said, not every upstream tarball provides the icon necessary
for a desktop file and there are plenty of apps which need one for DE
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 222 bytes
Desc: not available
More information about the aur-general