[aur-general] Trusted user application: Drew DeVault

Levente Polyak anthraxx at archlinux.org
Thu Feb 28 14:26:03 UTC 2019 

On 2/28/19 2:58 PM, Jerome Leclanche wrote:
> On Thu, Feb 28, 2019 at 12:51 PM Josef Miegl <josef at miegl.cz> wrote:
>> Although I don't have high expectations when dealing with AUR packages, it is absolutely the maintainers job to keep track of upstream updates. This mindset is probably the reason why there is so much out of date stuff on the AUR. It strikes me that a maintainer who doesn't keep track of his own packages wants to become a TU.
> 
> No, it is not, and please don't expect this of volunteers. The
> responsibility goes as far as security (being made aware ASAP of
> security issues in packages), but knowing in general when a release
> happens is not (and/or shouldn't be) the TU's responsibility.
> Most TUs do know when a release happens in at least a portion of their
> packages, by nature of often maintaining packages they have some
> working relationship with. But the flagging system is very useful in
> crowdsourcing the non-security-sensitive portion of package
> maintenance.


I very strongly disagree on this, nobody forces a volunteer to
_maintain_ a certain package, but If it is chosen by choice then keeping
it up to date is a responsibility as well.
As long as we do not have an automatic system in place it is one of the
responsibilities to track it as good as possible!
This doesn't make the out-of-date flag system non-useful, even when we
would have our automatic flagging system in place, as it could slip
through the radar or tracking like upstream may change the location for
future releases.
I frankly don't like the habit of "i don't give a darn to track, someone
will flag it", this is bad practice, and the best we could agree on is
that we strongly disagree.

sincerely,
Levente

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20190228/ff87092c/attachment.sig>

More information about the aur-general mailing list