[aur-general] Trusted user application: Drew DeVault

Drew DeVault sir at cmpwn.com
Mon Feb 25 16:55:38 UTC 2019 

Thanks for all the feedback! I went through and cleaned up all of my AUR
packages - something a wiser man would have done before submitting the
TU application.

Note that in some cases I disowned packages I was no longer interested
in maintaining, and in the case of vgo both disowned and filed a
deletion request; rather than normalize the PKGBUILDs.

On 2019-02-24  6:40 PM, Brett Cornwall wrote:
> I must jokingly admit that my first instinct is to vote against your
> application so that you'd spend more time on wlroots and Sway. You're not
> allowed to work on anything else, slave!

Hehe, don't worry, this wouldn't be much more work than I already take
on for Arch Linux - it'd just be formalizing that relationship.

> * Prefer sha256sums over sha1sums and md5sums
> * "$srcdir" can often be omitted as the PKGBUILD functions all begin
>   in "$srcdir" already - this will make PKGBUILDs much more readable
> * MIT-licensed packages are not installing their licenses.
> * i386/i686 architectures should be removed.
> * update python-distribute makedeps to python-setuptools
> * source= lines should save sources to a "$pkgname-$pkgver.tar.gz" file
> * Python distutil packages should be built and packaged separately [3]:
> * python-spam-blocklists - fill that depends() list, I'm sure it needs
>   something.

Fixed on all counts.

> ## python-flask-markdown, python-haxor
> * source has https, so use it!

Fixed - I normalized all of my Python package's source URLs to the pypi
source, using variable substitution to rejigger the names.

On 2019-02-25  9:46 AM, Morten Linderud via aur-general wrote:
> ## python-asyncio_redis
> * I'm a bit unsure what 2 clause BSD is traditionally called. But it's not `2
>   clause BSD`. After some searching from the repos it seems like `BSD` should be
>   enough(?)

Updated to use the SPDX identifier.

> Also want to stress the lack of MIT license being places in
> `/usr/share/licenses/`, along with source not currently enforcing shared
> SRCDEST as Brett pointerd out.

Fixed this everywhere I found it.

On 2019-02-25  9:58 AM, Levente Polyak via aur-general wrote:
> Your build script on the CI does not produce reproducible packages as
> it uses a own simple wrapper to call makepkg. F.e. If there is no
> SOURCE_DATE_EPOCH defined to now or the value already passed it does
> not create uniform mtimes.

Filed a ticket to address this at a later date:

https://todo.sr.ht/~sircmpwn/sr.ht/165

This shouldn't be an issue for community, though.

> Out of curiosity, what kind of upstream watch are you using to be made
> aware of new releases? 

For the AUR I don't keep up with upstream releases, I just wait for
someone to mark the package as outdated. For Alpine Linux I use a
combination of subscribing to the upstream -announce mailing list and
subscribing to GitHub releases as appropriate; would do something
similar for Arch Linux community.

> Vgo-git should use go-pie as makedepends like all packages that work

I dropped vgo, but fixed this for my other Go-based packages.

> None of your python packages, neither in aur nor in your repo build CI
> are running any unit tests while most of them provide tests upstream.

Fixed in many places in my AUR packages. Will do this for
sr.ht-pkgbuilds later:

https://todo.sr.ht/~sircmpwn/sr.ht/167

More information about the aur-general mailing list