[pacman-dev] Package signing in pacman

ari edelkind edelkind+arch-pacman at gmail.com
Fri May 20 08:44:17 EDT 2011

yaro at marupa wrote:
> It's under development. To be honest a lot of Arch users are tired of
> this discussion popping up. If you want it to show up sooner, then you
> could help by submitting patches of your own to the pacman developers.
> It'll get here when it gets here.

This is a poor attitude.  A better attitude would be, "Here's how you
can help: ..."

"... Submitting patches of your own" is an invalid continuation of
that response.  Patches?  For what?  Where's the documentation of the
way it should function?  Where's the documentation of the current
infrastructure?  Where's the specific information about what's left to
do?  Is the information recent?

This page:

... is a "proposal".  It was last edited a year ago.  It does not help.

This page:

... is a "task" ticket, in the tracker, but it doesn't offer much in
the way of relevant information.  It does not help.

This page:

... was updated within the past month, at least, but is, as far as i
can tell, a brain dump for Allan himself.  Information is sparse,
implementation details are almost nonexistent, and TODO items are
vague.  It does not help.

In 2010, based on information present in the above-referenced tracker
ticket, i tried contacting the Arch developers who appeared to be
involved, offering to contribute, and got no response.  Allan's
Package_Signing page didn't exist yet.  As far as i can tell, at this
point, that ticket is even assigned to the wrong person.  You can't
make it difficult for people to contribute and then complain that you
aren't receiving contributions.

I'm not downplaying the effort that Allan (et al.?) has put forth -- i
think it's excellent!  But so far, this has all the markings of a
single-person project, being coded by someone who doesn't _want_

Typically, here's what people who do want contributions supply:
  - an overview of the program internals and general API
  - details about how the current project _should_ function.
  - API notes on what has been implemented for the current project thus far.
  - DETAILS on what portions of the project remain, so that others can
pick them up.

I can do without the overview of program internals.  The latter three
are rather more important.

So, why not adopt a better attitude -- indeed, perhaps a better method
-- and actually try to get contributors?

In case it still isn't clear:
I'd love to help.  I'd love to write patches.  I'd love to submit
them.  I'd love to see pacman package signing in operation, so much so
that i'm willing to devote some of my scant time to do so.  Now,
somebody (Allan?), please make it reasonable for me, and others like
me, to even try.


More information about the pacman-dev mailing list