On Sun, Jul 26, 2015 at 2:48 PM, Peter Mattern <[email protected]> wrote:
> Hello. > > Considering the short time AUR 4 is in use the number of commits lacking > an update of .SRCINFO seems to be rather high. > The resulting problem is a cosmetic one only as the actual PKGBUILD > functionality isn't affected but only the package's web page not updated > accordingly. > Yet I wonder whether it would be helpful to reject commits lacking the > update of .SRCINFO if feasible. > Rejecting such commits would be welcome, as this issue is unfortunately more serious than being only a cosmetic details. It also affect the RPC interface that can be used by external programs, such as helpers. > > Actually I wonder as well whether it wouldn't even be better to not have > .SRCINFO written by the packagers before uploading a commit but by aurweb > when commits are received. > This would ensure that problems like the one stated above can't happen and > I for one couldn't figure a downside so far. > > Afaik, the whole point of generating .SRCINFO file on the maintainer machine (rather than the AUR server) is to parse PKGBUILDs accurately without introducing security issues. R.
