[aur-general] Trusted user application: Drew DeVault

Thu Feb 28 16:15:49 UTC 2019

On 2/28/19 4:49 PM, Drew DeVault via aur-general wrote:
> The AUR is not community. The expectations are higher for trusted users
> - hence the trust. Naturally responding to emails, keeping up with new
> releases, etc, is part of the role. That's why it's a *role* - it serves
> to define the responsibilities. There is no role for AUR package
> maintainer outside of a column in the database. There's no formal
> process for becoming an AUR package maintainer, and Arch Linux
> explicitly disavows AUR packages as having any standard of quality. You
> can't have it both ways - either they're unsupported and maintaining
> them as such isn't a problem, or they are supported and we have to
> address that can of worms.
> 
> And in my opinion, this represents the AUR working as intended. The low
> barrier to entry encourages users who may be novices at packaging or
> have limited time to invest in their package to give it a shot, then
> other users to download these packages and improve the PKGBUILDs,
> hopefully sending their improvements back to the maintainer. We already
> stress that users need to read and evaluate AUR PKGBUILDs for
> themselves. We should be proud that we have a community which encourages
> every user to make packages and devote any amount of time they can to
> supporting them. In short, part of the AUR's value proposition is its
> fast-and-loose criteria for inclusion and maintenance.
> 
> The purpose of community and the trusted user system, as far as I
> understand, is to provide binary packages from the community that meet a
> baseline of quality - wholey different from the AUR. Any packages I
> bring on from the AUR will first be improved to meet these standards,
> and I commit to a higher degree of responsibility in their maintenance.
> I also naturally recognize the value in improving my AUR packages and
> intend to do so over time, but I feel that an approach which is
> non-committal and less urgent is appropriate here.
> 
> I understand the utility in having a history of good AUR packages in
> evaluating someone's potential as a trusted user. To this end I'm
> happily incorporating your feedback into improving my AUR packages. I
> also encourage you to review my history of contributions to Alpine
> Linux, where I am the maintainer of a number of binary packages and have
> established a history of quality packages, fast updates, and engagement
> with the community.
> 
> I feel that this thread has devolved considerably into this rabbit hole,
> even to the point of ad hominem in some replies. I hope that this has
> explained my opinion more clearly and responded to the criticism. If you
> still disagree, I think at this point it should just influence your vote
> rather than continue the argument.
> 

With all the following I'm speaking in general and don't explicitly try
to discredit your examples and facts of maintainership but to show why
it matters.

The problem here is that the initial trust for someone to be classified
as a trusted user does not magically come from the amount of non backed
claims of doing everything differently and properly once its about
official packages, trust comes from facts and examples. In general its
also lot more meaningful or obvious to make a judgement about things in
the domain of Arch instead of other distros where the insights are less
obvious, which doesn't mean its not a bonus.

An ideal trusted user, who is also responsible for the AUR as a
platform, should lead the community by example in terms of behavior and
packaging quality. If even our official members don't care because its
"just wild west" then how and why should it ever improve?

Or let's make it more dramatic: If the AUR itself should be considered
void then a bunch of garbage packages in the AUR plus the claim "but if
I'm elected I will only do super high quality shizzle" shall be enough
to make a judgement to _trust_ someone doing the right thing?

I'm not saying there is no difference in the official repositories and
the AUR, there is! But TUs are responsible to operate the AUR platform
and its really a non nice example for others if even the official's of
that platform just do it for nothing but "personal pride".

We are not talking about random AUR maintainers, but about someone who
wants to be considered a trusted entity of the community and hence it
matters to lead by example.

cheers,
Levente

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20190228/3482862d/attachment.sig>