[aur-general] Enforcing AUR package quality (was Re: Trusted user application: Drew DeVault)
Jerome Leclanche
jerome at leclan.ch
Thu Feb 28 16:34:08 UTC 2019
On Thu, Feb 28, 2019 at 5:22 PM Daniel M. Capella via aur-general
<aur-general at archlinux.org> wrote:
>
> On February 28, 2019 8:58:06 AM EST, Jerome Leclanche <jerome at leclan.ch> wrote:
>
> <snip>
>
> >OT: We should maybe have the AUR lint PKGBUILDs on git push (and
> >reject really bad ones) if we want to improve that situation.
> >
> >J. Leclanche
>
> I've been thinking enforcing the use of makechrootpkg and namcap on package submission should be introduced, and maybe even on major (and minor?) version bumps for packages following semver. Inb4 yes I'm aware of the number of false-positives in namcap.
>
> --
> Best,
> polyzen
Can we give namcap's outputs error codes and blacklist some of the
false positives?
I was mostly thinking about things that can be done just by static
analysis of the PKGBUILD, rather than anything requiring packages to
be built, so that they can be rejected immediately during git push.
Things such as running mksrcinfo, verifying local sources (and their
hashes), etc.
J. Leclanche
More information about the aur-general
mailing list