[aur-general] Trusted user application: Drew DeVault

Eli Schwartz eschwartz at archlinux.org
Thu Feb 28 14:35:41 UTC 2019

On 2/28/19 9:26 AM, Levente Polyak via aur-general wrote:
> On 2/28/19 2:58 PM, Jerome Leclanche wrote:
>> On Thu, Feb 28, 2019 at 12:51 PM Josef Miegl <josef at miegl.cz> wrote:
>>> Although I don't have high expectations when dealing with AUR packages, it is absolutely the maintainers job to keep track of upstream updates. This mindset is probably the reason why there is so much out of date stuff on the AUR. It strikes me that a maintainer who doesn't keep track of his own packages wants to become a TU.
>> No, it is not, and please don't expect this of volunteers. The
>> responsibility goes as far as security (being made aware ASAP of
>> security issues in packages), but knowing in general when a release
>> happens is not (and/or shouldn't be) the TU's responsibility.
>> Most TUs do know when a release happens in at least a portion of their
>> packages, by nature of often maintaining packages they have some
>> working relationship with. But the flagging system is very useful in
>> crowdsourcing the non-security-sensitive portion of package
>> maintenance.
> I very strongly disagree on this, nobody forces a volunteer to
> _maintain_ a certain package, but If it is chosen by choice then keeping
> it up to date is a responsibility as well.
> As long as we do not have an automatic system in place it is one of the
> responsibilities to track it as good as possible!
> This doesn't make the out-of-date flag system non-useful, even when we
> would have our automatic flagging system in place, as it could slip
> through the radar or tracking like upstream may change the location for
> future releases.
> I frankly don't like the habit of "i don't give a darn to track, someone
> will flag it", this is bad practice, and the best we could agree on is
> that we strongly disagree.

This is indeed the ideal.

Of course even with the flagging system, 412 / 10691 packages are marked
out of date.

It is true that over half of these were flagged within the past month.

Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20190228/92a259f0/attachment.sig>

More information about the aur-general mailing list