[aur-general] Review of clickhouse-static PKGBUILD

[Eli Schwartz]

On 2/10/20 5:02 AM, Felixoid via aur-general wrote:
> Hello, dear TUs and Arch developers.
> 
> I'd like to ask relative the package clickhouse-static[1]. The
> officially supported way to build ClickHouse binaries is static
> linking[2]. And my question: is it possible that the package with the
> current building structure (getting contribs like submodules in
> upstream, static linking etc.) would theoretically come to [community]
> repository?

"upstream recommends using vendored static linking" is not an acceptable
reason to violate the packaging guidelines.

The program *must* build using the system versions of the 46
dependencies listed in the -static package, and the pkgname must be
"clickhouse", not "clickhouse-static", in order to be moved to
community; this is part of the "quality of life" care which defines a
Trusted User's job.

Among other things, this ensures that the openssl and libcurl versions
used are the latest versions which are tracked on the security tracker
and patched with security backports if needed -- something which is
understandably important for anything that is communicating over the
network.

Also, libxml2 from 2 years ago, which is a bit ouch because xml is not
exactly the least-exploited data format ever.

Even linux distributions which build statically by default, will expect
that the program link to the system's lib*.a static library packages
rather than build a custom one.

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20200211/ab9542af/attachment.sig>