[aur-general] TU Membership Application

Santiago Torres-Arias santiago at archlinux.org
Thu Nov 8 02:28:59 UTC 2018 

Hello Brett.

I took some time to randomly sample your PKGBUILDs and give some
feedback:

- ags:
    - it appears that you use sed to change CFLAGS in the makefile
      definition, although it appears that the Makefile itself lets you
      overwrite them. I'd advice trying to use native tooling as
      possible, and to try to get familiar with the toolchain of each
      package as much as possible.
    - The optdepends description on wine is a bit confusing in my
      opinion.
    - I marked the package as out-of-date, as there appears to be a new
      version (3.1.4.15) as of almost two months ago.
    - I noticed that you didn't add a LICENSE file for this package.

- hib-dlagent:
    - I see that you backported a patch on this and ags. I was rather
      surprised to see that neither patches were added to new
      tags/releases. You could, however, cherry pick the commits rather
      than depending on the github api (which can change) to compute the
      diff for you. For this, you could use the git transport on
      makepkg.
    - I noticed that you didn't add a LICENSE file for this package.

- gam-git:
    - I'm not sure if this would work when built in a chroot due to
      those touch calls.
    - After reviewing the package I doubt this doesn't need a build()
      step. Otherwise I'd label this package a -bin. This is something
      that we should take special consideration of, since we could be
      unwittingly be introducing binaries that aren't hardened when
      building. 
      (I could be wrong on this one, since it for some reason vendors
      many well-known packages inside of it. Good job for not pulling it
      those vendored deps :D)
    - I'm confused as to why gam.py needs to be put inside
      /usr/share/gam and add a .sh entrypoint for it in /usr/bin. The
      file seems to have a shebang and be executable...
    - I see that here you *also* are providing a patch. I also could
      find that you submitted an issue upstream for said patch (but not
      the patch itself)[1]. I like your initiative! Do try to keep the
      number of backported patches to a minimum to keep things
      manageable.
    - I noticed that you didn't add a LICENSE file for this package.

I will probably send more feedback, but I also don't want to overwhelm
you with this and all the other reviews around.

Cheers!
-Santiago.

[1] https://github.com/jay0lee/GAM/issues/791
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20181107/be3dc30f/attachment.asc>

More information about the aur-general mailing list