[aur-general] TU application - bastelfreak
Jelle van der Waa
jelle at vdwaa.nl
Wed Oct 21 21:41:12 UTC 2020
On 18/10/2020 17:39, Tim Meusel via aur-general wrote:
> Hi!
>
> I'm Tim Meusel and I want to spent more time in the Arch Linux community
> and increase the package quality. I first got in touch with open source
> some years ago in the Puppet Community [0] where I started to love
> Puppet and FOSS. At the moment I'm employed at a big ISP where I
> maintain a few thousand systems. My solution of choice for configuration
> management is Puppet because it fulfills all requirements and is easy to
> extend. For a few projects I require up2date systems with modern
> software, that's why i choose Arch Linux. Since Puppet was already
> present in the company, the Arch Linux boxes were puppetized as well. I
> wrote or contributed to multiple packages related to Puppet on Arch
> Linux. foxxx0 and shibumi were so kind to continue maintaining them
> in the official repositories:
Yay, I like seeing applications who want to help maintain packages which
are already in our repositories!
Some notes on your AUR packages:
* choria-io
- 'github.com/choria-io/go-choria/build.BuildDate=$(date '+%F %T %z')'
Recording the build date is non reproducible, will give
reproducibility issues. SOURCE_DATE_EPOCH can be used to make it
reproducible, see https://reproducible-builds.org/docs/source-date-epoch/
- systemd unit could have some systemd hardening applied, see the wiki
or 'man systemd.exec'
https://wiki.archlinux.org/index.php/Arch_package_guidelines/Security#Systemd_services
* log4r
- Package lacks a license=(), upstream url is no longer valid it seems?
* tftp-hpa-destruct
- systemd service could use some hardening
- how did you obtain the LICENSE file? From their official website?
It's interesting it's not in the official tarball :)
Greetings,
Jelle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20201021/f70bf1ed/attachment.sig>
More information about the aur-general
mailing list