[aur-general] Suggestion to add a pinned comment to PKGBUILDs of high risk vulnerable software
ralf.mardorf at alice-dsl.net
Tue Jul 4 07:50:12 UTC 2017
On Tue, 4 Jul 2017 09:45:08 +0200, Ralf Mardorf wrote:
>On Tue, 4 Jul 2017 14:00:50 +0800, Oon-Ee Ng via aur-general wrote:
>>You could suggest it on the package's AUR page.
>yes, I could ask to do it for dependent packages such as
>https://aur.archlinux.org/packages/xombrero/ even while I'm not using
>I could ask to do it for https://aur.archlinux.org/packages/qtwebkit/ ,
>https://aur.archlinux.org/packages/webkitgtk2 even while I'm not using
>Some maintainers simply are responsible without somebody mentioning it,
>e.g. https://aur.archlinux.org/packages/claws-mail-git/, btw. the only
>related PKGBUILD I'm using myself.
>Another package maintainer disabled webkit usage, after I informed
>about the issue and after I got in contact with upstream, who also will
>fix the issue, https://aur.archlinux.org/packages/guitarix-git/ . I'm
>not using this package, but install guitarix2 from official
>>By sending it to the ML, it looks like you're trying to discuss or
>>push for a general decision.
>Actually there could be PKGBUILDs where I'm not aware of the issue, so
>I can't add a comment, that's why I ask on this list. It should not be
>enforced by a rule, but maintainers of PKGBUILDs should get a sense
>of responsibility, so I mentioned it on this list.
PS: Maybe Claws from git still builds with webkit, if it's
installed, but it's not a dependency.
Vote for apulse!
echo $(w3m https://aur.archlinux.org/packages/apulse |grep 'Votes: ')
Votes: 82 Updated: Tue Jul 4 09:48:53 CEST 2017