[aur-general] TU Application: Daniel Bermond (dbermond)

Baptiste Jonglez baptiste at bitsofnetworks.org
Sun Oct 14 21:38:54 UTC 2018


On 14-10-18, Doug Newgard via aur-general wrote:
> Decided to take a quick look at your PKGBUILDs, and just a few spot checks
> makes me wonder. The first one I click on is apache-flex-sdk, I see that you
> aren't the original submitter, so I look at the git log and see that the first
> thing you did when taking over this was to remove pgp checks from the source.
> WTF. Look at the PKGBUILD, see a totally useless prepare function, ok, not a
> big thing. Let's check another one, clicked on flif, see msg2s being used for
> no reason and bad conflicts. Click on a couple more, see that those issues
> aren't mistakes, they're a fundamental misunderstanding.
> Maybe my perception was colored by that really bad decision to remove the pgp
> checks, and while the PKGBUILDs are mostly fine, there seems to be things about
> packaging that you don't understand yet. Is it time to become a TU already?

Well, as always, you could start by not being immediately aggressive
towards people.

Judging from the handful of PKGBUILDs I've read, the quality is really
high overall, they don't even have most of the "classical" small mistakes
(there is source renaming when needed, etc).  We don't require new TUs to
do everything perfectly, and nothing is ever perfect anyway.  There's
always something new to learn.

Regarding the PGP checks, there is no question that they are very useful
and desirable for packages in our repositories.  I am sure that Daniel
will make efforts to add PGP checks wherever possible when he moves
packages to [community].  But for the AUR, the situation is a bit
different (in my opinion) because I know it throws some people off when
they don't know that they have to import a PGP key to build the package.
I tend to include them anyway now, but I would understand that somebody
would like not to.

Anyway, for the specific case of apache-flex-sdk, look at the comments:
the signing key simply seemed to have expired.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20181014/5ad15df2/attachment.asc>

More information about the aur-general mailing list