[aur-general] TU Application: Thore Bödecker

Thore Boedecker me at foxxx0.de
Wed May 10 14:01:07 UTC 2017 

Hey,

thanks for your feedback.

On 10.05.17 - 14:26, NicoHood wrote:
> Hello Thore,
> nice to hear you want to join the ArchLinux TU Team.
> 
> I took a quick look at your PKGBUILDs and found out that you are not
> using GPG signatures for your PKGBUILDs. Please always ask upstream for
> GPG signatures and request those if not available.
> 
> See PHP:
> https://secure.php.net/downloads.php#gpg-5.6

The php56 package already uses gpg signatures?!

> 
> See Opendmarc:
> https://sourceforge.net/projects/opendmarc/files/opendmarc-1.3.2.tar.gz.asc/download

Unfortunately the key for opendmarc is not public, that is probably
the reason why it is also disabled in the repo package.

> 
> Also I suggest to use sha512sums, as they are more secure and future
> proof, even though sha256 is already considered secure at the moment.

As you mentioned sha256 should be pretty solid at the moment but I'm
happy to oblige and switched to sha512 in all (co-)maintained
packages.

> 
> Also this source can be fetched via https:
> https://www.xdebug.org/files/xdebug-2.5.3.tgz

Fixed.

> 
> I suggest to get in touch with the upstream projects and request them to
> sign their tarballs. You can also refer to GPGit with makes it easier
> for dev to get started with GPG source signing:
> https://github.com/NicoHood/gpgit

Thanks for this hint, I will contact the upstream projects and request
that. I'll add comments to the PKGBUILDs with status updates of that
progress.

> 
> Cheers
> Nico
> 
> On 05/10/2017 01:49 PM, Thore Boedecker via aur-general wrote:
> > Hey folks,
> > 
> > My name is Thore Bödecker (a.k.a. foxxx0, or just foxxx depending on
> > nick availability) and finally I have taken the time increase my
> > involvement with Arch Linux. I'm 26 years old now and living in small
> > town called Falkensee, near Berlin in Germany.
> > 
> > First of all thanks to Florian Pritz (Bluewind) who is sponsoring my
> > TU application.
> > 
> > I heard you like stories so I'm happy to tell you about my way through
> > the Linux world.
> > 
> > I have been using Linux in various flavours for a long time, if memory
> > serves correctly it all started with Ubuntu 6.10 somewhere in 2006
> > while I was still in school.
> > At first it was merely some experimentation and exploring a whole new
> > world but quickly I got really interested. Being a totally addicted
> > gamer at that time it was not a real option for daily usage but I went
> > ahead to build a small fileserver with it and continued to learn new
> > stuff while doing so.
> > 
> > After switching back and forth between Ubuntu and Debian for a couple of
> > years and a bit of Gentoo in the middle I ended up renting a server to
> > host some stuff with Debian.
> > 
> > In October 2010 my bachelor studies in some sort of technical computer
> > science started at HTW Berlin (for the German speaking people, the
> > course of studies was called "Informationstechnik/Vernetzte Systeme").
> > 
> > This surely had quite some influence and not much later Arch Linux was
> > the OS on my laptop. And oh it was good and enjoyable (even without
> > systemd back then! :P).
> > 
> > During my studies I had less and less time for gaming which eventually
> > made me install Arch on my desktop at home.
> > At that point it was already quite clear that there was no alternative
> > for me.
> > 
> > Having used Arch for some years on a daily basis made me more and
> > more annoyed with my rented server, that was still running Debian.
> > I got really upset with APT and the "Debian-way" of doing things, having
> > seen how simply and enjoyable they were on Arch Linux.
> > 
> > You can pretty much guess what happened, I ended up with Arch on my
> > rented server as well.
> > And a second one.
> > And on my router at home.
> > I even build a custom archiso for home PXE setup, doing which is really
> > pleasing too.
> > 
> > Please bear with me, I'll try to wrap things up :)
> > 
> > Since October 2013 I am studying computer science at the TU Berlin which
> > has been quite an adventure thus far and if everything works out I'm on
> > track to start my master thesis near the end of this year.
> > 
> > As I am also providing hosting services on that server to a small group
> > of customers, the PHP 7 release was quite cumbersome. I had to find a way
> > to provide support for two different PHP versions on my server.
> > Gladly I found a fellow sufferer in Mickaël Thomas (mickael9 in the AUR)
> > and we started working on the php56 AUR package [1].
> > It was a bit messy at first but in the end it worked out and I've been
> > running php56 together with the upstream Arch Linux php packages for over
> > a year now. I have been a co-maintainer of that package ever since and
> > tried to push the security releases out as quickly as possible.
> > 
> > In order to retain as much features of php56 as possible, I created some
> > additional packages for that, which could co-exist with upstream
> > Arch repo packages as well:
> > 
> > [2] php56-apcu
> > [3] php56-geoip
> > [4] php56-memcache
> > [5] php56-memcached
> > [6] php56-xdebug
> > 
> > 
> > So why am I doing this all?
> > 
> > I love using Arch Linux, it has been a joyful journey most of the time
> > and I'm looking forward to what might come.
> > 
> > But why do I want to be a TU some of you might ask.
> > 
> > As I am providing hosting services for customers I am also acting as
> > an email service provider for my customers (and for myself too).
> > Over the last few month there were some nasty spam mails glitching
> > through my spamassassin setup.
> > Naturally I investigated and found that I couldn't really do *anything*
> > while using Arch Linux repo packages only (which I highly prefer for
> > critical infrastructure).
> > I have been in touch with Florian very, very much over the last few
> > years and we shared the same desire: amavisd-new.
> > 
> > So last week I did an experiment with a combination of opendkim +
> > opendmarc + amavisd-new.
> > 
> > When I discovered that there was no AUR package for amavisd-milter I
> > went ahead and created one. But somehow when I tried to push my package
> > to AUR it said "Permission denied". As it turned out, another fellow
> > Arch Linux user has done the exact same thing and pushed to the AUR a
> > couple of hours before me. So I got in contact with said Person, Karol
> > Babioch (kbabioch) and he was happy to let me take ownership of
> > amavisd-milter [7].
> > 
> > I countinued to experiment and it seemed the opendmarc internal SPF
> > check wasn't really working in the Arch Linux repo version.
> > This made me build opendmarc using libspf2 which did the trick and I've
> > put that together in opendmarc-libspf2 [8].
> > 
> > To make all these parts easily and comfortably available to all
> > Arch Linux users I would like to move these few packages to [community]
> > (if Yardena Cohen a.k.a. yar agrees for amavisd-new).
> > 
> > As you guys want to make sure that I am capable of writing high quality
> > PKGBUILDs, Florian pointed out some AUR packages that were orphaned and
> > could use some makeover.
> > So I went ahead and tried my best to get them back into shape, feel free
> > to give feedback:
> > 
> > [9] awl
> > [10] davical
> > [11] webalizer
> > 
> > You can find all packages that I currently maintain here: [12].
> > 
> > Last but not least I would like to throw in my own open source project,
> > that I created to easy management of my hosting:
> > 
> > [13] vhost-api
> > 
> > It is currently undergoing a rewrite in order to improve the modularity,
> > expandability and maintenance. Sadly my time for that is a bit scarce
> > right now and it is not urgent as has been working quite well thus far.
> > 
> > The packages that I would like to move to [community], if the current
> > maintainers agree, are:
> >   - amavisd-new
> >   - amavisd-milter
> >   - perl-convert-tnef (required for amavisd-new)
> >   - perl-convert-uulib (required for amavisd-new)
> >   - libspf2
> > 
> > Additionally I would like to take maintainership of opendmarc if that is
> > okay with Sergej, in order to build it against libspf2.
> > 
> > Apart from maintaining the mentioned packages I am also quite capable
> > regarding server and service hosting and happy to assist in maintaining
> > and improving the Arch Linux infrastructure. :)
> > 
> > The best ways to reach me are either through email: me [at] foxxx0 [dot] de
> > Or over on split^Wfreenode: freenode/foxxx0
> > 
> > 
> > Thanks for taking the time to read all this and for considering my
> > application.
> > 
> > 
> > Cheers,
> > Thore
> > 
> > 
> > [1] https://aur.archlinux.org/cgit/aur.git/log/?h=php56
> > [2] https://aur.archlinux.org/packages/php56-apcu
> > [3] https://aur.archlinux.org/packages/php56-geoip
> > [4] https://aur.archlinux.org/packages/php56-memcache
> > [5] https://aur.archlinux.org/packages/php56-memcached
> > [6] https://aur.archlinux.org/packages/php56-xdebug
> > [7] https://aur.archlinux.org/packages/amavisd-milter
> > [8] https://aur.archlinux.org/packages/opendmarc-libspf2
> > [9] https://aur.archlinux.org/packages/awl
> > [10] https://aur.archlinux.org/packages/davical
> > [11] https://aur.archlinux.org/packages/webalizer
> > [12] https://aur.archlinux.org/packages/?SeB=m&K=foxxx
> > [13] https://github.com/vhost-api
> > 
> 




-- 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20170510/7e2b08e9/attachment.asc>

More information about the aur-general mailing list