[aur-general] TU Application: Baptiste Jonglez

Levente Polyak anthraxx at archlinux.org
Mon Nov 28 11:20:40 UTC 2016 

Hi Bapiste,

> 
> Don't hesitate if you have any questions, or comments on my AUR packages!
> 

Sure, I always take a look at all packages of an applicant and suggest
changes before I decide how to vote... so here we go :P
Excuse me if I copy-paste some blocks, its just simpler doing so :)


ring-daemon:
- just a feeling but a description with 202 chars feels quite long :P

opendht:
- you should use git+https:// instead of plain git:// even through the
  CA world is a bit wonky it still authenticates the server and at the
  very bare minimum adds confidentiality.

sig2dot
- every reference to $pkgdir should be put inside double-quotes in case
  it contains spaces.

pjproject
- if you must use -j1 for every make call, you can simply add
  !makeflags to the options instead.

opendht-git
- you should use git+https:// instead of plain git:// even through the
  CA world is a bit wonky it still authenticates the server and at the
  very bare minimum adds confidentiality.

pius
- documentation, or hint to documentations inside .install files always
  feels like the wrong place. If there is documentation in
  /usr/share/doc/pius then people will find it.

linux-mptcp
- you should use git+https:// instead of plain git:// even through the
  CA world is a bit wonky it still authenticates the server and at the
  very bare minimum adds confidentiality.
- #tag= should never be used for git packages, instead store the commit
  hash for the tag and always use the #tag= prefix. A named tag does not
  mean much and you won't even notice when upstream changes such.
  This is especially bad when using plain git:// :-)
- You should add an initramfs post transaction hook like in the regular
  kernel [0] to avoid problems like described in #51818.

coq-doc
- the sources must be prefixed with the version as otherwise older
  tarballs will "conflict". on top of that "stdlib.tar.gz" sounds
  a bit too generic and may overlap with another package, conisder
  also including the package name into the prefix to avoid such
  situation.

asio-latest
- you should use git+https:// instead of plain git:// even through the
  CA world is a bit wonky it still authenticates the server and at the
  very bare minimum adds confidentiality.
- every reference to $pkgdir should be put inside double-quotes in case
  it contains spaces.

ring-gnome-git
- a VCS package should always provide its non-VCS package variant like
  'ring-gnome'
- the pkgver() function doesn't sound specific enough, it just returns
  a simple date without anything else (f.e. 20161110) which means
  building on the same date can result in the same package version while
  being built from quite different source states.

restbed-latest
- you should use git+https:// instead of plain git:// even through the
  CA world is a bit wonky it still authenticates the server and at the
  very bare minimum adds confidentiality.

restbed
- #tag= should never be used for git packages, instead store the commit
  hash for the tag and always use the #tag= prefix. A named tag does not
  mean much and you won't even notice when upstream changes such.

kashmir
- you should use git+https:// instead of plain git:// even through the
  CA world is a bit wonky it still authenticates the server and at the
  very bare minimum adds confidentiality.

udrawgraph
- just a bit of style, but we have arch specific depends like
  depends_x86_64 which looks better :P
- every reference to $pkgdir should be put inside double-quotes in case
  it contains spaces.
- every reference to $srcdir should be put inside double-quotes in case
  it contains spaces.

ring-daemon-git
- a VCS package should always provide/conflicts its non-VCS package
  variant like 'ring-daemon'
- just a feeling but a description with 202 chars feels quite long :P
- the pkgver() function doesn't sound specific enough, it just returns
  a simple date without anything else (f.e. 20161110) which means
  building on the same date can result in the same package version while
  being built from quite different source states.

libringclient-git
- a VCS package should always provide its non-VCS package variant like
  'libringclient'
- If there is no strong reason to depend on a git variant, always depend
  on the non VCS, in this case ring-daemon instead of ring-daemon-git
- the pkgver() function doesn't sound specific enough, it just returns
  a simple date without anything else (f.e. 20161110) which means
  building on the same date can result in the same package version while
  being built from quite different source states.

npiet
- every reference to $pkgdir should be put inside double-quotes in case
  it contains spaces.

tsocks-ipv6
- this looks like it should also provide tsocks as it just adds
  additional v6 support

iproute-mptcp
- sources that are not unique (like "/v$pkgver.tar.gz" from github)
  should be prefixed with the package name (+ of cause pkgver) to
  be unique. This is important if you configures shared SRCDEST to
  avoid conflicts.

bdsync
- sources that are not unique (like "/v$pkgver.tar.gz" from github)
  should be prefixed with the package name (+ of cause pkgver) to
  be unique. This is important if you configures shared SRCDEST to
  avoid conflicts.

net-tools-mptcp
- #branch= should never be used for non VCS git packages, instead store
  the commit hash for the tag and always use the #tag= prefix. A named
  branch does not mean much and you won't even notice when upstream
  changes or adds commits to such.
- you should use git+https:// instead of plain git:// even through the
  CA world is a bit wonky it still authenticates the server and at the
  very bare minimum adds confidentiality.



cheers,
Levente


[0]
https://git.archlinux.org/svntogit/packages.git/commit/trunk/80-linux.hook?h=packages/linux&id=617173dcde960f00112ebdfee4c80ede71e67375
[1] https://www.archlinux.org/todo/use-gpg-signatures-and-https-sources/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20161128/cc1a9865/attachment.asc>

More information about the aur-general mailing list