On 10/14/18 5:03 PM, Doug Newgard via aur-general wrote: > Decided to take a quick look at your PKGBUILDs, and just a few spot checks > makes me wonder. The first one I click on is apache-flex-sdk, I see that you > aren't the original submitter, so I look at the git log and see that the first > thing you did when taking over this was to remove pgp checks from the source. > WTF. Look at the PKGBUILD, see a totally useless prepare function, ok, not a > big thing. Let's check another one, clicked on flif, see msg2s being used for > no reason and bad conflicts. Click on a couple more, see that those issues > aren't mistakes, they're a fundamental misunderstanding. > > Maybe my perception was colored by that really bad decision to remove the pgp > checks, and while the PKGBUILDs are mostly fine, there seems to be things > about > packaging that you don't understand yet. Is it time to become a TU already?
I usually don't use pgp on my aur packages because people tend to complain a lot about building issues. They fail to handle the keys and start complaining to the packager, and this is a big stress. When dealing with repository packages this is another story, of course. Since this was raised as a main issue, I'll be adding the pgp checks back again. I know that we should not use msg2 because it's makepkg internal. But it helps to diagnose user problems by helping to identify at which stage a build error is happening. For sure I can remove it if required to. ;) Regarding the conflicts situation, now I better understand it. I will start to fix it my packages as soon as possible! :) -- Best regards, Daniel Bermond
signature.asc
Description: OpenPGP digital signature
