Hello all,
this issue has been on my mind for a while, but I haven’t bothered to
write to the mailing list about it until now.
Before Muflone took over maintainership of the davinci-resolve packages
(including davinci-resolve-studio and davinci-resolve-beta), the
PKGBUILD would automatically download the upstream package from
Blackmagic’s website. While Resolve is proprietary, the non-Studio
version (and the beta) are freely available, requiring not even a proper
login with the vendor. The download link on the website
(https://www.blackmagicdesign.com/products/davinciresolve ) is behind a
“registration” form, but this does not create a user account and to the
best external knowledge, the data entered here is never verified in any
way. Therefore, previous versions of the AUR package either used a
download link obtained by the maintainer after filling out the form with
arbitrary data, or replayed the form submission with fixed data during
prepare(), obtaining a new download link for the user. Either way, the
package contents are obviously always identical (regular hashing
applied). The same is true for packages retrieved through the support
center
(https://www.blackmagicdesign.com/support/family/davinci-resolve-and-fusion
), where in fact the Studio version (which requires a paid license) does
not require the submission of a form at all.
However, Muflone changed this behavior to instead require a
locally-downloaded version of the upstream package in all three cases.
The user reception for this was mixed, additionally caused by the issue
that AUR helpers need the upstream package file located in special cache
directories and not the current working directory. Personally, I am
strongly opposed to this change, but Muflone has deflected criticism by
pointing out that “Packages must not contain black magic or unknown/hard
to understand commands as users are required to check the PKGBUILDs
before installing/updating from AUR”
(https://aur.archlinux.org/packages/davinci-resolve?O=60#comment-1013733 ).
While I agree in spirit, I disagree in this specific case. There are
multiple easy ways of obtaining the package that have been known for
some time; a review of the package commit history confirms this. On the
contrary, some of the changes required to make more technical aspects of
the package work properly will not be easy to understand for users at
times. Furthermore, a careful review of the AUR rules reveals to me that
this kind of direct download is perfectly allowed, since in my opinion
it doesn’t circumvent any real technical measures by the upstream
provider; see elaboration above: form contents are not checked by the
Blackmagic website, and sometimes skippable altogether.
I’m writing to the mailing list to gain clarification on the matter:
whether the manual download is actually more compliant with AUR rules
than what was happening previously (before commit
7351177b553aa3983163450822bf251ec7f7ab75), and whether the previous
approach was even in violation. If not, I’m not sure—if it’s possible
that the AUR maintainers can urge Muflone to change it back, that would
be excellent, but I don’t remember the AUR working that way. Blocking
Muflone and/or orphaning the package is also not a reasonable approach,
unless there is someone to step up to maintainership for the package
(unfortunately not me, as I don’t use Resolve frequently enough, and
often need to stay on older versions due to bugs frequently introduced
in new releases).
I hope I’m not overstepping any lines with this request, but as a user
of the package it is very annoying when a (new) maintainer degrades the
user experience for unclear/nebulous “rules compliance” and refuses to
engage in discussions about it. This is also the reason I am writing
here in the first place, I want to make it clear that I did of course
try to discuss this on the package comment page first; over a year ago
in fact. I also finally want to make it clear that this is not about
piracy of the Studio version in any way shape or form; while the package
download for it is still freely available from Blackmagic, it’s less
important to change the PKGBUILD as the software isn’t free in the first
place.
Greetings,
kleines Filmröllchen
