[aur-general] TU application -- Santiago Torres-Arias

Santiago Torres-Arias santiago at archlinux.org
Sun Jul 22 19:35:52 UTC 2018

Hello everyone,

Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
although I'd like to thank so many people for their feedback, help, guidance
and counsel in all-things-Arch*.

My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate
from New York University. My research focuses on securing the dev-ops
pipeline/supply chain, which includes work on package manager security,
version control system security, securing container orchestrators,
reproducible builds, so on and so forth. It is not a coincidence that
all of these relate strongly with Linux; I believe the Linux environment
pretty much shaped my professional career since I was in High School.

I've been a GNU/Linux user for more than I can remember, although I started
using it exclusively circa 2011. I started using Debian, Mint and Ubuntu
interchangeably for a couple of years and, as time passed, I started to develop
personal scripts and unscrew my deterministically-broken distro (I still
remember my hook to fix the fglrx install every time X was updated). This
experience threw me to the other side, and for a while I thought I could
maintain my own LFS-based distribution with scripts of this sort, which led me
to learn a lot about what *not* to do when managing packages. However, It was
when I finally decided to give Arch a serious try (around 2014) that I found
myself enamored with not only the toolchains, but the community and the
philosophy behind the distribution --- I'm now a strong supporter of the
Arch Way(tm) thanks to all the leasons learned through the winding roads
of linux-system-administration.

Although I've always been an assiduous user of the AUR, not only using but
writing my own PKGBUILDs, It was only until recently (about 8 months now), that
I've been working towards becoming more familiar with the package ecosystem
with the end goal of becoming a TU. I've received feedback from many members on
the community on how to fix, extend and follow best practices on writing
PKGBUILDS which I believe has improved their quality[2].

Besides maintaining packages I've been contributing to other aspects of
the Arch Linux ecosystem for about three years now. I've participated in
the security team almost since its inception, by providing code to the
tracker, tracking CVE's and sending advisories. Likewise, I've been a
tester for more than a year. I've also participated (although not as
much as I've wanted) on the archlinux-reproducible efforts. Finally,
I've worked along with shibumi and Pierre in making an automated build
of an official Archlinux Docker image. Beyond Arch Linux, I'm a
committer to projects like reproducible-builds.org[3], Briar[4],
neomutt[5], and The Update Framework (TUF)[6], among others[7].

There are two main reasons for this application to become a TU. First, I want to
contribute *more* to a community that has given me so much, and I'm certain
that helping packaging tools for everyone in the community repository will only
improve the overall user experience. Second, and most importantly, I want to
expand the offer of packages in the official repositories.

Concretely, I want to maintain the following packages:

    - Orphaned packages (I'm a regular user of these):
        - giblib (currently on extra)
        - python-pylint (currently on extra)
        - uthash
        - znc
        - cvf
        - netctl (?! currently on core, so I suspect I can't maintain this one)
        - python-opencl/pyopencl-headers

    - I'd love to co-maintain some packages that have a packager right now**:
        - radare-cutter
        - hub
        - rtl-sdr
        - maven

    - I intend to move the following packages from the AUR:
        - reprotest
        - git-latexdiff
        - python-rstr
        - python2-grip
        - inxi
        - plex-fonts

Needless to say, I'm open to discussion on this list. I can extend it with any
suggested packages, or discard any packages that aren't deemed popular enough.

On a less technical, serious note, I love playing guitar! I have a band
and we play progressive, shoegaze, and math-rock. I also like cycling,
and reading on pretty much anything. I'm a Rust fanboy and I'm
re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
and emulate TPM's and other trusted hardware designs.

-Santiago (Sangy) Torres-Arias

[1] https://badhomb.re
[2] https://aur.archlinux.org/account/sangy
[3] https://reproducible-builds.org
[4] https://neomutt.org/feature/new-mail#7-%C2%A0credits
[5] https://briarproject.org
[6] https://theupdateframework.com
[7] https://github.com/santiagotorres

* Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1,
  Tigrmesh, meskarune et al.!
** This is the first time I make this public, so there's no commitment from
   the current packager at all
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20180722/b53e47fc/attachment.asc>

More information about the aur-general mailing list