[aur-general] Tarball Guidelines
Thorsten Töpper
atsutane at freethoughts.de
Mon Dec 6 17:31:52 CET 2010
On Sun, 5 Dec 2010 22:58:50 -0500
keenerd <keenerd at gmail.com> wrote:
> On Sun, Dec 5, 2010 at 10:55 PM, Loui Chang <louipc.ist at gmail.com>
> wrote:
> > The problem is that namcap's implementation is not meant for
> > untrusted PKGBUILDs. Sourcing those build files is a big security
> > flaw, so we can't do that for the AUR.
>
> Thankfully, what I'm doing here does not even look at the pkgbuild.
> It just looks at the directory structure, runs "file" on everything
> and compares this to a (tediously compiled) whitelist. Nothing fancy.
> Would make a lot of sense to have it built in.
>
> -Kyle
> http://kmkeen.com
Hm dunno how your Bot works but is there a way to read the size from a
png file for it and say everything larger than x*y pixels shall be
removed? If not there's still the way to say everything > x KB shall be
removed. The rules need to be modified to this anyway, however as Heiko
already said, not every upstream tarball provides the icon necessary
for a desktop file and there are plenty of apps which need one for DE
users.
Thorsten
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 222 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/aur-general/attachments/20101206/149c7b77/attachment.bin>
More information about the aur-general
mailing list