i am mostly wondering, why should this conflict with 'extra/flashrom' - because of file conflicts, sure; but are both needed? - is 'extra/flashrom' still desirable? or undesirable, or redundant? - is rustiness it's only problem?
some notes about the PKGBUILD: the PKGBUILD builds from VCS, and does not specify a commit, only a tag, which makes it not reproducible - most likely, that could be changed; but we prefer to avoid VCS sources whenever possible anyways - i found that the upstream VCS can generate tarballs; so i tried changing the source to the tarball (also eliminating the 'git' makedepends) - you probably would not have found that tarball - i did not see it on their website - i simply guessed the filename, and it is available in that form however, the tarball is not reproducible either - every download yields a different file - i devised an ugly way to verify the VCS files; but i would discuss this with the arch packager and/or the upstream - ideally, try to convince the upstream to fix their git service; so that it generates reproducible tarballs - as a last resort, try to convince the arch packager to specify the commit hash at the tag, at least - that is how i see it done in most arch PKGBUILDs built from VCS, like: _commit=0123456789 # <- this is tag 'v1.2.3' they do it that way; because git tags are not stable - the "is" above could become "was" at any time - the PKGBUILD may still verify the (new) signature; but it is not truly checking the integrity of the sources, as a tarball checksum does a reminder: never put "# Maintainer (Parabola):" - simply "# Maintainer:" and use lowercase for # Maintainer (aur): - that has no meaning currently; but i have been normalizing all of these, so that th _______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
