[aur-general] Trusted user application: Drew DeVault

Jerome Leclanche jerome at leclan.ch
Thu Feb 28 13:58:06 UTC 2019 

On Thu, Feb 28, 2019 at 12:51 PM Josef Miegl <josef at miegl.cz> wrote:
> Although I don't have high expectations when dealing with AUR packages, it is absolutely the maintainers job to keep track of upstream updates. This mindset is probably the reason why there is so much out of date stuff on the AUR. It strikes me that a maintainer who doesn't keep track of his own packages wants to become a TU.

No, it is not, and please don't expect this of volunteers. The
responsibility goes as far as security (being made aware ASAP of
security issues in packages), but knowing in general when a release
happens is not (and/or shouldn't be) the TU's responsibility.
Most TUs do know when a release happens in at least a portion of their
packages, by nature of often maintaining packages they have some
working relationship with. But the flagging system is very useful in
crowdsourcing the non-security-sensitive portion of package
maintenance.

As for being frustrated with the OOD packages on the AUR, I encourage
you to make use of the flagging system yourself. It's present there as
well. And if you think you can do better than the package's
maintainer, ask to co-maintain it, or adopt it if it's abandoned. And
in the mean time, you get to be able to download the PKGBUILD and
modify it to your liking, that's the whole point of that system.
If this sounds pointed, that's because I'm not amused by this idea
that anyone who puts a package on the AUR should be at the service of
those who download it. Arch philosophy goes above and beyond to drive
in people's heads that the AUR is unsupported, to the point of
rejecting any AUR helper in official packages. Expectations should be
set accordingly.

On Thu, Feb 28, 2019 at 2:16 PM alad via aur-general
<aur-general at archlinux.org> wrote:
> Generally, while expectations are naturally not as high as with
> community packages, lacking quality of PKGBUILDs in AUR remains
> problematic when trying to promote AUR packages to community. Due to
> this, a complete rewrite of the PKGBUILD is usually required, rather
> than making some minor adjustments.
>
> https://lists.archlinux.org/pipermail/aur-general/2016-October/032845.html

OT: We should maybe have the AUR lint PKGBUILDs on git push (and
reject really bad ones) if we want to improve that situation.

J. Leclanche

More information about the aur-general mailing list