[aur-requests] [PRQ#13586] Deletion Request for popcorntime-stable-bin

Sun Dec 23 02:14:59 UTC 2018

On 12/22/18 6:13 PM, Kostis Karantias via aur-requests wrote:
> It really is not though, the sources are clearly different and there's
> been lots of changes to the PKGBUILD as well. How can I contest this?

The package claims to be "stable" but that means that the other package
is arguably wrong. it makes no sense to have a "stable" package when the
default is supposed to be stable unless the package is suffixed with
something like "-dev" or "-nightly" or "-git".

I would provide the counter-argument to your contestation, that you
should instead discuss it with the maintainer for the other package. Why
does the other package not use stable sources? If there is a
sufficiently good reason to not use stable sources, then why do you want
the stable version? (If you have a reason to want the stable version,
this is an argument against not packaging something else instead as the
default package).

According to the comments on the popcorntime-bin package:

neitsab commented on 2018-02-04 23:57

@lesto who flagged as OOD: No official release happened since 2016-10
(https://github.com/popcorn-official/popcorn-desktop/releases), so
flagging has no basis. If you want the latest build, use
https://ci.popcorntime.sh/job/Popcorn-Time-Desktop/lastSuccessfulBuild/.

....

neitsab commented on 2018-02-05 00:08

I pushed a modified PKGBUILD using the CI builds to get something a bit
fresher. If a new release is ever made, I'll switch back to that. If
you'd rather I create a new package let me know.

...

neitsab commented on 2018-03-23 23:41

I removed the checksums for the downloaded binaries since we are using
the "last successful build" permalink from the CI server. If somebody
would rather this package keep using the old, outdated release from the
main website just say so and I'll create a separate package for the CI
builds.

...
...
...

There are a couple problems with this logic, beginning with the fact
that completely unverified, unchecksummed code is a terrible way to
package anything.

And this doesn't provide a monotonically updating pkgver, because it
doesn't provide any sort of updating pkgver at all. It continually
identifies itself as the latest stable release, even though it packages
different code every time you rebuild it.

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1601 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-requests/attachments/20181222/6f282646/attachment.asc>