[aur-general] Enforcing AUR package quality (was Re: Trusted user application: Drew DeVault)

Daniel M. Capella polyzen at archlinux.org
Thu Feb 28 17:09:19 UTC 2019


On February 28, 2019 11:34:08 AM EST, Jerome Leclanche <jerome at leclan.ch> wrote:
>On Thu, Feb 28, 2019 at 5:22 PM Daniel M. Capella via aur-general
><aur-general at archlinux.org> wrote:
>>
>> On February 28, 2019 8:58:06 AM EST, Jerome Leclanche <jerome at leclan.ch> wrote:
>>
>> <snip>
>>
>> >OT: We should maybe have the AUR lint PKGBUILDs on git push (and
>> >reject really bad ones) if we want to improve that situation.
>> >
>> >J. Leclanche
>>
>> I've been thinking enforcing the use of makechrootpkg and namcap on
>> package submission should be introduced, and maybe even on major (and
>> minor?) version bumps for packages following semver. Inb4 yes I'm aware
>> of the number of false-positives in namcap.
>>
>> --
>> Best,
>> polyzen
>
>Can we give namcap's outputs error codes and blacklist some of the
>false positives?

That seems in line with well-established linters. It would also be nice if a linting plugin for an editor (e.g. ALE for Vim) could utilize namcap someday.

>I was mostly thinking about things that can be done just by static
>analysis of the PKGBUILD, rather than anything requiring packages to
>be built, so that they can be rejected immediately during git push.
>Things such as running mksrcinfo, verifying local sources (and their
>hashes), etc.

The tool mentioned in alad's reply seems interesting. Will have to check it out.

>J. Leclanche



--
Best,
polyzen
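
The static check discussed in this thread (verifying local sources and their hashes at push time, without building anything), sketched as an added example that is not part of the original messages and is not AUR or namcap code. It assumes the hook has already read the pushed files into a dict, reads only the unsuffixed source and sha256sums fields of .SRCINFO, and treats any entry without "://" as local; all function names and the sample package are constructed for illustration.

```python
import hashlib

def parse_srcinfo(text):
    """Collect repeated 'key = value' fields from .SRCINFO text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(" = ")
        if sep and not key.startswith("#"):
            fields.setdefault(key, []).append(value)
    return fields

def check_local_sources(srcinfo_text, tree):
    """Return a list of problems; an empty list means nothing to reject.
    tree maps file names in the pushed commit to their bytes (assumption:
    the hook has already read them from the pushed commit)."""
    fields = parse_srcinfo(srcinfo_text)
    sources = fields.get("source", [])
    sums = fields.get("sha256sums", [])
    if len(sources) != len(sums):
        return [f"{len(sources)} source entries but {len(sums)} sha256sums"]
    problems = []
    for entry, expected in zip(sources, sums):
        location = entry.split("::", 1)[-1]  # drop an optional "name::" prefix
        if "://" in location:
            continue  # remote source: not checkable without a download
        if expected == "SKIP":  # policy choice of this example
            problems.append(f"{location}: local source with SKIP checksum")
        elif location not in tree:
            problems.append(f"{location}: listed as source but not committed")
        elif hashlib.sha256(tree[location]).hexdigest() != expected:
            problems.append(f"{location}: sha256 mismatch")
    return problems

# Constructed sample (not a real package): pushed files and their .SRCINFO.
PATCH = b"--- a/Makefile\n+++ b/Makefile\n"
SAMPLE_TREE = {"PKGBUILD": b"# constructed", "fix-build.patch": PATCH}
SAMPLE_SRCINFO = f"""pkgbase = demo
\tpkgver = 1.0
\tsource = demo-1.0.tar.gz::https://example.org/demo-1.0.tar.gz
\tsource = fix-build.patch
\tsource = demo.service
\tsha256sums = SKIP
\tsha256sums = {hashlib.sha256(PATCH).hexdigest()}
\tsha256sums = {'0' * 64}
"""

if __name__ == "__main__":
    for problem in check_local_sources(SAMPLE_SRCINFO, SAMPLE_TREE):
        print("reject:", problem)
```

A pre-receive hook would call check_local_sources on the pushed commit and refuse the push when the list is non-empty.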

