On 16-11-27 19:41:06, Eli Schwartz via aur-general wrote:
> On 11/27/2016 06:10 PM, Quentin Bourgeois wrote:
> > With this, I come with a simpler PKGBUILD[0] in which I push
> > modifications you advised. I also removed some dependencies that are
> > used for code coverage and building
On 11/29/2016 12:29 AM, Baptiste Jonglez wrote:
>> - you should use git+https:// instead of plain git:// even through the
>> CA world is a bit wonky it still authenticates the server and at the
>> very bare minimum adds confidentiality.
>
> I don't like the "everything-over-HTTP(S)" approach
Hi,
On Mon, Nov 28, 2016 at 12:20:40PM +0100, Levente Polyak wrote:
> > Don't hesitate if you have any questions, or comments on my AUR packages!
>
> Sure, I always take a look at all packages of an applicant and suggest
> changes before I decide how to vote... so here we go :P
Yes, I was
On 11/28/2016 11:26 AM, Levente Polyak wrote:
> When using a commit hash you gain basically two things out of the box:
> - get aware if wonky upstream changes something
> - get an integrity value that a potential attacker must defeat, which
> not be the easiest task for a full commit hash (for a
On 11/28/2016 05:05 PM, Eli Schwartz via aur-general wrote:
> On 11/28/2016 06:20 AM, Levente Polyak wrote:
>> - #tag= should never be used for git packages, instead store the commit
>> hash for the tag and always use the #tag= prefix.
>
> Typo?
>
uuups, you caught me :P My bad! Of cause this
On 11/28/2016 06:20 AM, Levente Polyak wrote:
> linux-mptcp
> - you should use git+https:// instead of plain git:// even through the
> CA world is a bit wonky it still authenticates the server and at the
> very bare minimum adds confidentiality.
Now that you mention it, this does seem rather
Hi Bapiste,
>
> Don't hesitate if you have any questions, or comments on my AUR packages!
>
Sure, I always take a look at all packages of an applicant and suggest
changes before I decide how to vote... so here we go :P
Excuse me if I copy-paste some blocks, its just simpler doing so :)
=== Signoff report for [community-testing] ===
https://www.archlinux.org/packages/signoffs/
There are currently:
* 0 new packages in last 24 hours
* 0 known bad packages
* 0 packages not accepting signoffs
* 0 fully signed off packages
* 28 packages missing signoffs
* 4 packages older than 14