[aur-general] TU Application: Alad Wenter

Eli Schwartz eschwartz at archlinux.org
Sun Sep 10 16:55:16 UTC 2017 

On 09/10/2017 09:16 AM, Alad Wenter via aur-general wrote:
> Hello everyone,
> 
> My name is Alad Wenter, and I would like to apply for a position as Trusted User. I’m a student in Germany, majoring in Mathematics with a focus on Algebraic Topology. Many thanks to Johannes Löthberg who is sponsoring my TU application.

Somme comments on your AUR packages:

aurutils/aurutils-git:
- uses the ISC ("custom:ISC") license, which is not a common license
  (`pacman -Ql licenses`)and must therefore be installed separately.
- Thanks you kindly for upgrading the security of the *sums you SKIP
  from md5 to sha256 :p :p


bash-devel-git:
- You do not follow our repo bash package in defining, as per FS#50567,
  -DNON_INTERACTIVE_LOGIN_SHELLS
- Apparently this doesn't work with the system readline or something???
- system.bashrc is out of sync with the core/bash package
- Do you even pacman hooks? Get rid of bash.install

cottage:
- source tarball violates shared SRCDEST, v$pkgver.tar.gz clashes with
  other packages that have the same version.

cottage-git:
- Has an abomination of a pkgver(), you know how to do this properly -_-
  and upstream even has tags!!!
- clones #branch=master which is the default
- unconditionally defines options=('debug'), which is meant to be a
  makepkg.conf choice and uses a separate build target which just
  appends to CFLAGS the same way our DEBUG_CFLAGS do.
- again consider asking upstream to support DESTDIR.

datamash-git:
- pkgver() doesn't strip "v" from the start
- source is cloned over git://git.sv.gnu.org which redirects to
  git.savannah.gnu.org, also please clone over https:// as this verifies
  the server in addition to just encrypting the transport
- It seems bizarre that this makedepends on rsync and wget, the latter
  especially seems like some part of the build process attempts to
  download itself... I think it wants to bootstrap updated translations
  but this should still be done via source=().
- Do you even pacman hooks? Get rid of datamash.install

dpkg:
- git source at pinned commit should not re-clone itself to a new
  $pkgname-$pkgver every time you bump the pkgver
- autoreconf should be done in prepare()
- explicitly override options=(emptydirs) rather than depending on the
  user's choices in makepkg.conf

howm-x11:
- source tarball violates shared SRCDEST, v$pkgver.tar.gz clashes with
  other packages that have the same version.
- Makefile has install target.
- Those find commands are awkward, `mkdir -p ... && cp -a ...` is not a
  sin so please use it.
- So much whitespace separating variables...
- That install script depresses me, shouldn't users be expected to
  determine for themselves how to use this?

howm-x11-git:
- Basically just the same things mentioned for howm-x11 or cottage-git.

jshon-git:
- pkgver should use tags via `git describe --tags`


kkrieger:
- Downloads an unversioned kkrieger-beta.zip -- I understand this is
  web.archive.org that will never be updated but it is still painful. :D
- kkrieger.jpg is a 404 not found, also you never even try to do
  anything with it...

lightspark-git:
- Do you even pacman hooks? Get rid of lightspark-git.install
- Depends on desktop-file-utils, not needed because of hooks, and curl,
  arguably not needed as it's a dependency of pacman among other things.

mc-git:
- autogen should really be done in prepare()

nvtv:
- Empty variables should be deleted.
- md5sums at the bottom of the PKGBUILD are weird, move this up with the
  other variables, like source=()
- You really need quilt for this?
- make prefix="$pkgdir/usr" install seems like it should be ./configure
  --prefix=/usr && make DESTDIR since this is after all autotools and if
  there is one decent thing about autotools it is the fact that DESTDIR
  can be essentially guaranteed to exist...

repoctl-git:
- pkgver() does not strip leading "v"
- Why does this depend on xz, which is a dependency of lots of core
  things e.g. libarchive, and unlikely to be explicitly needed vs. the
  many other compression formats makepkg/repo-add supports?
- Why !strip, does this package actually break if you try stripping it?

thunar-git:
- autogen should be done in prepare()

vim-bracketed-paste:
- The source is a github master.zip, I'm not even sure how to properly
  express my disappointment. It should be a -git package since there are
  no releases.

xss:
- So much whitespace in the variables...
- Unversioned source xss-master.tar.gz
- None of it works because the upstream website is dead, everything
  redirects to https://sites.google.com/view/woozle/
- Author still exists at https://github.com/nealey, project has moved to
  https://github.com/9wm/xss (he is a member of that org)


> I have opened a repository with modifications from the original AUR packages to better suit them as candidates for [community]. [8]
> 
> [8] https://github.com/AladW/community

physlock:
- source tarball violates shared SRCDEST, v$pkgver.tar.gz clashes with
  other packages that have the same version.

polkit-explorer:
- Since I see you already filed one pull request upstream for PEP 394,
  why not also contribute a decent setup.py and that desktop file...
- uses the ISC ("custom:ISC") license, which is not a common license
  (`pacman -Ql licenses`)and must therefore be installed separately.

python-i3-py:
- It is probably not important to point out in the description which
  programming language it uses, especially when the pkgname already
  includes that info.
- git source at pinned commit should not re-clone itself to a new
  $pkgname-$pkgver every time you bump the pkgver
- Python packages which are intended to install a command-line tool
  rather than a library should not be prefixed with python- and do not
  need to be installed for both Python 3 and Python 2.

qpdfview:
- Does this really need desktop-file-utils and hicolor-icon-theme or was
  this a remnant of some pre-hooks install script?q

-- 
Eli Schwartz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20170910/5965cff6/attachment-0001.asc>

More information about the aur-general mailing list