[aur-general] Upgraded AUR to 1.8.0

Lukas Fleischer archlinux at cryptocrack.de
Mon Feb 21 13:59:50 EST 2011


On Tue, Feb 22, 2011 at 02:31:31AM +0800, Ray Rashif wrote:
> On 22 February 2011 02:06, Lukas Fleischer <archlinux at cryptocrack.de> wrote:
> > On Tue, Feb 22, 2011 at 02:03:38AM +0800, Ray Rashif wrote:
> >> On 21 February 2011 18:08, Dieter Plaetinck <dieter at plaetinck.be> wrote:
> >> > On Mon, 21 Feb 2011 10:47:50 +0100
> >> > Lukas Fleischer <archlinux at cryptocrack.de> wrote:
> >> >
> >> >> The official Arch Linux AUR setup has been upgraded to 1.8.0. For a
> >> >> short list of changes, read [1].
> >> >>
> >> >> Please report any issues on the AUR bug tracker [2].
> >> >>
> >> >> [1]
> >> >> http://mailman.archlinux.org/pipermail/aur-dev/2011-February/001433.html
> >> >> [2] https://bugs.archlinux.org/index.php?project=2
> >> >
> >> > what's the reasoning behind no longer showing all files in the "source
> >> > package"? I found this feature quite useful.
> >>
> >> I've _always_ used this, almost on every package I came across. I
> >> don't want to be downloading anything I just want to take a rough look
> >> at. Would be good to have this back in some way or another.
> >> Brainstorm!
> >
> > Did you read all my replies on this topic? If you still think that this
> > should be implemented no matter what, you'd better open a feature
> > request on the bug tracker.
> 
> You do not really address this issue aside from shrugging it off as an
> unneeded feature that costs one or two vulnerabilities. If it was
> really that useless it would not have been implemented in the first
> place. The loopholes are real, but the feature should not be
> forgotten.

I consider it as a nice-to-have feature. Can you give me a real reason
why this is absolutely needed? Except from "I often feel bored and click
random links in the AUR"? I pointed out earlier that it is possible to
get an overview of a package without having direct access to all source
files. Downloading and extracting some source tarball (just in case you
want to review it in detail) literally takes 3-5 seconds. Even less if
you script it. I always did it like that and I reviewed a lot of
packages, believe me.

I also already mentioned that we try to move the more advanced features
to the client side. KISS for the AUR.

> I will leave it up to the community to file a request to have this
> back, because with that we can really see whether it actually is as
> useful as a few of us claim :)

Yeah. And the bug tracker is a more appropriate place for this
discussion :)


More information about the aur-general mailing list