[aur-general] TU application: Jonas Witschel (diabonas)

Alad Wenter alad at archlinux.org
Thu Sep 5 21:18:12 UTC 2019 

On 9/5/19 5:29 PM, Alad Wenter via aur-general wrote:
> On Thu, Sep 05, 2019 at 05:23:20PM +0200, Jonas Witschel wrote:
>> Hi all,
>>
>> my name is Jonas Witschel (online nick "diabonas" on the
>> AUR/GitHub/GitLab/...) and I am applying as an Arch Linux Trusted User
>> under the sponsorship of Bruno Pagani and Alad Wenter.
>>
> I hereby confirm my sponsorship of Jonas. Best of luck with your
> application!
>
> Alad

Just to add some words beyond "I sponsor this candidate"...

My first encounter with diabonas was when he fixed some broken behavior
with aurutils [7, 8]. I got no github issue, but instead directly a PR
to fix it. :) I also noticed his interest in WKD when he created a
detailed table on the wiki [9] for every developer and TU key, with the
corresponding bug report.

When Bruno mentioned Jonas was interested in becoming TU, I was
pleasantly surprised and looked at his various AUR packages. What I
found most remarkable was the amount of insight found in these packages,
e.g. the comments in tpm2-tss-git [10]. I thus asked to send in a draft
of the application, found it good and gave my Stamp of Approval(TM).

[7] https://github.com/AladW/aurutils/pull/493
[8] https://github.com/AladW/aurutils/pull/464
[9]
https://wiki.archlinux.org/index.php/User:Diabonas/WKD_support_by_developer_key
[10] https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=tpm2-tss-git#n45

Alad

>
>> A few words about myself: I am a math PhD student and long-time Linux
>> user. I switched to Arch Linux around 2016 because I like the idea of a
>> rolling release distribution that stays close to upstream, which is
>> especially beneficial when doing software development. I got more
>> actively involved in contributing to Arch when the previous AUR
>> maintainer of the tpm2-software stack (tpm2-tss, tpm2-abrmd and
>> tpm2-tools) orphaned these packages, so I took over maintenance until
>> they were adopted to [community].
>>
>> I am interested in many security-related thing such as Secure Boot,
>> Trusted Platform Modules (TPMs), disk encryption, PGP, ... As such, I am
>> a member of the tpm2-software organisation and a maintainer of tpm2-totp
>> [1]. Recently I have been working on getting Web Key Directory support
>> into pacman for fetching PGP keys independently of the key server
>> network [2,3]. A repository of all my AUR packages can be found on
>> Gitlab [4].
>>
>> If I were accepted as a trusted user, I would take over maintenance of
>> the tpm2-software stack from my sponsor Bruno Pagani. This makes sense
>> since I am an upstream member of tpm2-software anyway and had been
>> maintaining these packages until they were adopted to [community].
>> Another long-time goal as a trusted user would be getting out of the box
>> Secure Boot support for the Arch Linux installation images [5,6].
>>
>> Packages I would like to adopt from the AUR to [community] for starters are:
>>
>> - The rest of the tpm2-software stack: tpm2-tss-engine and tpm2-totp
>> (when they have reached the 1% usage from pkgstats/10 votes on the AUR
>> threshold), tpm2-pkcs11-git (as soon as it gets a release).
>> - clevis and tang (and their dependencies jose, luksmeta)
>> - sbupdate-git (I need to speak to upstream about making a release first)
>> - paperkey
>> - cryptomator
>> - deheader
>> - texworks
>> - pdftk-java (an exact Java reimplementation of the very popular
>> pdftk/pdftk-bin, which is hard to package since it relies on an outdated
>> version of GCC)
>>
>> I am looking forward to working with you and welcome any questions and
>> comments!
>>
>> Cheers,
>> Jonas
>>
>> [1] https://github.com/tpm2-software/tpm2-totp
>> [2] https://bugs.archlinux.org/task/63171
>> [3] https://lists.archlinux.org/pipermail/pacman-dev/2019-July/023493.html
>> [4] https://gitlab.com/diabonas/aur-packages
>> [5] https://bugs.archlinux.org/task/53864
>> [6]
>> https://lists.archlinux.org/pipermail/arch-releng/2019-January/003891.html
>>
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20190905/f359781c/attachment.sig>

More information about the aur-general mailing list