[aur-general] Tarball Guidelines

Thorsten Töpper atsutane at freethoughts.de
Mon Dec 6 17:31:52 CET 2010

On Sun, 5 Dec 2010 22:58:50 -0500
keenerd <keenerd at gmail.com> wrote:

> On Sun, Dec 5, 2010 at 10:55 PM, Loui Chang <louipc.ist at gmail.com>
> wrote:
> > The problem is that namcap's implementation is not meant for
> > untrusted PKGBUILDs. Sourcing those build files is a big security
> > flaw, so we can't do that for the AUR.
> Thankfully, what I'm doing here does not even look at the pkgbuild.
> It just looks at the directory structure, runs "file" on everything
> and compares this to a (tediously compiled) whitelist.  Nothing fancy.
>  Would make a lot of sense to have it built in.
> -Kyle
> http://kmkeen.com

Hm dunno how your Bot works but is there a way to read the size from a
png file for it and say everything larger than x*y pixels shall be
removed? If not there's still the way to say everything > x KB shall be
removed. The rules need to be modified to this anyway, however as Heiko
already said, not every upstream tarball provides the icon necessary
for a desktop file and there are plenty of apps which need one for DE

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 222 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/aur-general/attachments/20101206/149c7b77/attachment.bin>

More information about the aur-general mailing list