[aur-general] TU application: grawlinson
George Rawlinson
george at rawlinson.net.nz
Tue Apr 20 08:07:55 UTC 2021
On 21-04-19 18:52, Brett Cornwall via aur-general wrote:
> Hello, George! Nice to meet you.
Nice to meet you too! :)
> I took a look at some of your packages and have some feedback for you!
>
> ansible-pacman_key
>
> - I like that you added PGP signing since you're upstream as well.
> - License is GPL3, not GPL, which means GPLv2 or any later version [1].
> Just a nitpick.
Thanks for pointing that out, just updated the package.
I'm in the process of upstreaming this module into the community.general
collections, so hopefully it makes the cut soon. I just need a lot more
time. :)
> leocad
>
> - Your cleanup commit makes great improvements when you adopted it.
I really enjoyed cleaning that particular package up. Nice to see my
adjustments are well received.
> libiconv
>
> - Nice job adding PGP verification when adopting
> - HTTPS source can be used instead of HTTP
Updated source protocol, as well as leaving a note in the PKGBUILD
regarding the expired PGP signature. The last release was made prior to
the signature expiring, so hopefully upstream has a new signature by the
next release. It's a fairly stable package, so I don't expect a new
release anytime soon.
> The rest of the packages I viewed left me without comment, which is good.
> You've got a good grasp on best practices for packaging! I particularly like
> how you've heeded the tip on the PKGBUILD wiki page and extracted out an MIT
> license from a readme for a package without a dedicated file. :)
Trial and error. Mostly lots of error. I view packaging as a sort of
puzzle to solve iteratively. It is enjoyable most of the time.
> Overall, it looks very good! I've noticed that your commit messages are
> generally unhelpful, though: They often use a stock "upgpkg: blah" rather
> than actually telling what work was done.
That's actually a fair criticism, which I've used to improve the git log
for the package updates that I've specifically mentioned above.
> I also took a look at the packages you maintain and intend on bringing into
> [community]. Most of those Go packages download vendor libraries on
> buildtime. The Go package guidelines [2] make no mention of vendoring so I'd
> like to get some clarification from someone else on whether or not this is
> kosher.
About that ... ^W^W^W
I see Foxboron has answered that for me. \o/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20210420/caf9e3f3/attachment.sig>
More information about the aur-general
mailing list