Re: [aur-general] TU application; freswa

[Robin Broda via aur-general]

On 5/17/20 5:06 AM, Frederik Schwan via aur-general wrote:
> Changes can be found here:
> https://github.com/freswa/aur/commit/c3778f6bda345f0165289f3a57d36047e6ba5934
> 
> Thank you for doing the review :)

Time for the next round:

Package: datagrip datagrip-jre
'commercial' on line 9 is not a valid license[1], in case of a custom license 
prefix with 'custom:'
Offending line:
license=('commercial')

Package: or-tools-java 
Variable ${srcdir} on line 44 should be quoted as it may contain spaces
Offending line:
sed -i "s#${src#git+}#${srcdir}/${srcfolder}#" 
${srcdir}/${pkgname%-java}-${pkgver}/makefiles/Makefile.third_party.unix.mk
---^

Package: pass-sshaskpass 
'GPLv2' on line 8 is not a valid license[1], in case of a custom license prefix 
with 'custom:'
Offending line:
license=('GPLv2')

Package: pass-sshaskpass-git 
'GPLv2' on line 8 is not a valid license[1], in case of a custom license prefix 
with 'custom:'
Offending line:
license=('GPLv2')

Package: tomighty 
Variable ${srcdir} on line 32 should be quoted as it may contain spaces
Offending line:
  convert ${srcdir}/tomato.ico ${srcdir}/tomato.png

Package: tpacpi-bat-git 
Error: 'GPLv3' on line 9 is not a valid license[1], in case of a custom license 
prefix with 'custom:'
Offending line:
license=('GPLv3')

Package: unifi-beta 
Potentionally unintentional HTTP URL http://www.ubnt.com/ on line 10 should be 
https
Offending line:
url='http://www.ubnt.com/'

Package: youtrack 
'commercial:jetbrains' on line 8 is not a valid license[1], in case of a custom 
license prefix with 'custom:'
Offending line:
license=('commercial:jetbrains')


> 
> Cheers
> Frederik
>

:P

[1] (Currently) valid non-custom licenses are: AGPL3, Apache, Artistic2.0, 
Boost, CCPL, CDDL, CPL, EPL, FDL1.2, FDL1.3, GPL2, GPL3, LGPL2.1, LGPL3, LPPL, 
MPL, MPL2, PHP, PSF, PerlArtistic, RUBY, W3C, ZPL, AGPL, APACHE, FDL, GPL, 
LGPL, Unlicense, BSD, ISC, MIT, OFL, Python, ZLIB

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU application; freswa

[Robin Broda via aur-general]

On 5/6/20 11:19 PM, Frederik Schwan via aur-general wrote:
> Hi everyone,
> my name is Frederik aka freswa and I'm applying to become a Trusted User with 
> svenstaro's and grazzolini's sponsorship.
> 
> I started using Linux around 2004 with some live images of Ubuntu. In 2010, 
> Debian became my main OS. Only a year later I switched to Arch after I 
> screwed up Debian/sid while hunting for the latest kernel.
> I'm interested in DevOps topics, mail server, C, Rust, Go and newer JVM 
> languages such as Kotlin.
> 
> Thanks to svenstaro I've been a bug wrangler since February. You mostly hear 
> from me when I assign bugs to the wrong people from time to time :P

That rings a bell, thanks for helping out with our bugtracker - even if that 
means some things get accidentally assigned wrong :p


> 
> OS contributions:
> - working on the dovecot-xaps code, providing native Mail.app Apple Push for 
> iOS devices
> - maintaining and writing PKGBUILDs for the AUR
> - bug reporting and fixing for several projects
> 
> My AUR packages got reviewed recently by eschwartz, svenstaro and alad - 
> thanks :)
> 

Hey, i just submitted all AUR PKGBUILDs that you are a (co-)maintainer for to 
my PKGBUILD checker and there are a couple of things you should review
most importantly:
- all references to $srcdir & co should be quoted as those might contain 
spaces, leading to undesireable word-splitting
- foo should never conflict/provide foo-git, those relations should work the 
other way around
- http URLs should be upgraded to https when the remote supports it

At the bottom of this mail you'll find the raw checker output, please review 
and adjust as needed :)


> If I become a TU, I'd like to focus on the bug tracker until we have a better 
> solution. I'd also like to help out bug fixing when maintainers are busy, 
> away or on vacation.
> 
> Packages which I would like to move to [Community], some of which are not 
> mine:
> docker-credential-pass
> i3status-rust
> intel-undervolt
> ispin
> mysqltuner
> pdfposter
> pinentry-rofi
> protobuf-go
> sha3sum
> spin
> talosctl
> thermald
> unifi
> woeusb
> 
> I'm aware though that some of these packages do not meet the criteria of 10 
> votes yet. I'll reevaluate whether they meet this criteria from time to time.
> I'd also like to go on helping Eli with maintenance of zfs-dkms and zfs-utils 
> in the AUR.

AUR package maintenance is orthogonal to TU duties ^^ - you should talk to Eli 
directly about this

> 
> In case JetBrains is okay with us packaging their IDE's, I'd also maintain 
> them. But so far all requests I found resulted in a negative response from JB.

As far as i know, JetBrains is quite adamant on people using their "Toolbox" 
for managing JetBrains software, good luck though.

> 
> I am looking forward to working with you!
> Frederik
> 

Good luck with the rest of your application!


Checker output mentioned above:

adobe-icc:
Warning: Potentially unintentional HTTP URL on line 10
Offending line:
url='http://www.adobe.com/support/downloads/iccprofiles/iccprofiles_mac.html'

Warning: Potentially unintentional HTTP URL on line 13
Offending line:
source=('http://download.adobe.com/pub/adobe/iccprofiles/mac/AdobeICCProfilesCS4Mac_end-user.zip'

brother-hl4150cdn:
Warning: Potentially unintentional HTTP URL on line 9
Offending line:
url='http://support.brother.com/g/b/downloadlist.aspx?c=de=de=hl4150cdn_all=127=English'

Warning: Potentially unintentional HTTP URL on line 17
Offending line:

"http://download.brother.com/welcome/dlf005939/hl4150cdnlpr-${pkgver}-${pkgrel}.i386.rpm;

Warning: Potentially unintentional HTTP URL on line 18
Offending line:

"http://download.brother.com/welcome/dlf005941/hl4150cdncupswrapper-${pkgver}-${pkgrel}.i386.rpm;)

datagrip:
Warning: Potentially unintentional HTTP URL on line 9
Offending line:
url='http://www.jetbrains.com/datagrip/'

dovecot-xaps-daemon:
Style: 'conflicts' on line 10 should not contain other variant(s) of 
'dovecot-xaps-daemon'
Offending line:
conflicts=('dovecot-xaps-daemon-git')

dovecot-xaps-plugin:
Style: 'conflicts' on line 11 should not contain other variant(s) of 
'dovecot-xaps-plugin'
Offending line:
conflicts=('dovecot-xaps-plugin-git')

exfat-utils-nofuse:
Error: Potentially unquoted variable may contain spaces and should be quoted on 
line 22
Offending line:
  patch -p0 < ${srcdir}/nofuse.patch

flexbox-udev:
Error: Potentially unquoted variable may contain spaces and should be quoted on 
line 14
Offending line:
  install -Dm644 ${srcdir}/99-tprogrammer.rules 
${pkgdir}/usr/lib/udev/rules.d/99-tprogrammer.rules

gtkhotkey:
Warning: Potentially unintentional HTTP URL on line 17
Offending line:
source=("http://launchpad.net/$pkgname/0.2/$pkgver/+download/$pkgname-$pkgver.tar.gz;

hipchat:
Warning: Potentially unintentional HTTP URL on line 6
Offending line:
# Contributor: Tom Vincent 

imapsync:
Warning: Potentially unintentional HTTP URL on line 8
Offending 

Re: [aur-general] Spam comment

[Robin Broda via aur-general]

On 3/6/20 11:41 AM, Fabius via aur-general wrote:
> User: liteblueson
> Spam comment posted on:
> https://aur.archlinux.org/packages/python2-distutils-extra/#comment-732381
> 

Killed it, thanks for reporting

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] TU application: Jonas Witschel (diabonas)

[Robin Broda via aur-general]

On 9/5/19 5:23 PM, Jonas Witschel wrote:
> Hi all,
> 
> my name is Jonas Witschel (online nick "diabonas" on the
> AUR/GitHub/GitLab/...) and I am applying as an Arch Linux Trusted User
> under the sponsorship of Bruno Pagani and Alad Wenter.
> 
Hi!

Promising application - I spent a few minutes looking over your AUR PKGBUILDs 
as is customary for applicants and...

I've looked over all your AUR PKGBUILDs and must say that they're almost 
spotless - good job!
This makes this PKGBUILD review rather short.

junit-system-rules is fetching a source via http - can this be avoided? 
(http://search.maven.org)
It appears to be reachable via https.

That's all I've found so far.


The packages you want to adopt look useful. The 10 votes metric is more of a 
general recommendation than a rule,
feel free to pull those in without hitting the metric - especially given that 
they are useful in specific security contexts.

Looking forward to this :)

Regards
-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU membership application

[Robin Broda via aur-general]

On 8/17/19 8:49 PM, Jean Lucas wrote:
> Hi Robin,
> 
> On Sat, 2019-08-17 at 10:13 +0200, Robin Broda via aur-general wrote:
>> On 8/16/19 9:19 PM, Jean Lucas via aur-general wrote:
>>> My name is Jean Lucas, and I'm sending this email to submit my
>>> candidacy
>>> for Trusted User member. As per the latest TU bylaws, I'm being
>>> sponsored by both Alexander Rødseth and Sergej Pupykin.
>>
>> How many TUs did you ask for sponsorship, and how many declined?
> 
> In totality, I asked 4 TUs - Alexander, Sergej, Alad, and you.

Why did you not make this clear in your application?

I'm sure you've read the wiki article on Trusted Users[1] -
> *Note*: Should the TU you contact decline to sponsor your application,
> you should make this fact known if you seek sponsorship from another TU.

Have you at least told xyproto & sergej that you have approached alad and me,
and the reason for me declining sponsorship?


> after a follow-up, you declined
> sponsorship for the moment.

Indeed, I did however offer to review any new things.

> I tried reaching out to you over IRC last Sunday, but alas, I probably
> should have done so over email instead.

This is the last i received from you, FWIW
> 0507201 9:00:00  thank you for your feedback! all good points


> That said, I think its a bit unfair to say that I went off and found
> another sponsor without batting an eye - asking Alexander and Sergej
> seemed appropriate as they'd both adopted one of my packages, I had
> worked with you to resolve some of my issues, I've gone over all of my
> packages with a fine-toothed comb many times now, and got more help as
> needed. I didn't suppose that having you decline sponsorship should
> deter me from eventually applying until getting your approval. I regret
> that we didn't have better communication, though.

I don't think that's how it's supposed to work.


>> As explained by others, most of these cannot be moved.
>> Have you talked to your sponsors about this? What have they said
>> about this?
> 
> I did not discuss the moving of those packages with my sponsors. I was
> hoping to get the community's feedback on the ideas.
> 

But they're the perfect people to talk to about this!


>> xyproto, sergej - have you reviewed this application before?
> 
> They did not review my application. I composed it all myself, for which
> I take full responsibility. I had worked on their willingness to
> sponsor me and sent what I considered to be a fair application ready
> for community feedback.
> 

Welp, we cannot really move forward with this unless your sponsors are willing
to sign off on your application, anyways.


All in all I'm fairly disappointed in how rushed you are with this.
You went through 4 people, and at least one has brought up concerns,
the others likely being unaware...


[1] https://wiki.archlinux.org/index.php/Trusted_Users

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU membership application

[Robin Broda via aur-general]

On 8/16/19 9:19 PM, Jean Lucas via aur-general wrote:
> Hi all,
> 
> My name is Jean Lucas, and I'm sending this email to submit my candidacy
> for Trusted User member. As per the latest TU bylaws, I'm being
> sponsored by both Alexander Rødseth and Sergej Pupykin.

How many TUs did you ask for sponsorship, and how many declined?
For the record, flacks has approached me a few weeks ago and asked for 
sponsorship.
I had reviewed his PKGBUILDs and suggested many fixes at the time,
and also explained that I do not think it is time yet to move forward with a TU 
application.
I offered reviewing his future things, and helping with general mentoring,
however it seems like my offer was not taken - instead you just found someone 
else
to sponsor you without batting an eye... Off to a great start.


> 
> If I were accepted to become a TU, I'd like to adopt and move the
> following packages (all having over 10 votes in the AUR) from the AUR
> into [community]:
> 
> anydesk, downgrade, exercism, flutter, godot, itch, mattermost-desktop,
> nvm, reaper, spotify, teamviewer, thermald, unity-editor, and unityhub,
> for starters!

As explained by others, most of these cannot be moved.
Have you talked to your sponsors about this? What have they said about this?


> 
> Best regards,
> 
> Jean Lucas
> 
> 
> [1] https://aur.archlinux.org/account/flacks
> [2] https://aur.archlinux.org/cgit/aur.git/log/?h=ghidra-git
> 


xyproto, sergej - have you reviewed this application before?
Given that there hasn't been an ACK from any of you guys after the application 
was posted, i doubt it...

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] PKGBUILD rfc

[Robin Broda via aur-general]

On 8/5/19 9:51 AM, Vladimir Bauer via aur-general wrote:
> Hi!
> 
> I have a PKGBUILD I would like to submit:
> https://github.com/vbauerster/getparty-PKGBUILD
> 
> What is further steps?
> 

pacman, sudo, and git are not dependencies of your package.
They should not be in depends=()

The PKGBUILD does not follow the golang packaging guidelines outlined on our 
wiki.

The git ls-remote dance in build() makes no sense. Pull the source from git 
directly instead.
(If you do that, git becomes a makedep)

Stylistically, pkgdesc shouldn't end on punctuation.

References to $srcdir are redundant in your entire PKGBUILD.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Fwd: [AUR] esp-idf

[Robin Broda via aur-general]

On 6/30/19 6:35 PM, Gonçalo Pereira via aur-general wrote:
> Hello,
> This package is outdated for a month and the maintainer grabbed the package 
> in 
> the beggining of this year and never touched it.
> I tried contacting him and nothing. Maybe I can maintain this package? (I was 
> the last packager).
> Let me know what you think.
> Best Regards,
> Gonçalo Pereira (G-Pereira)
> 

We have a requests system for that, as you should know.
Feel free to submit a regular orphan request if the package needs maintainer 
action.

Note, however, that i don't think your proposal in the comments of that package 
make much sense
(as i had mentioned there earlier that month). So if that's all you want to 
change,
maybe don't.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Account

[Robin Broda via aur-general]

Hi -

On 6/13/19 8:57 PM, Gonçalo Pereira wrote:
> I get it that you're pissed off with me and I agreed with the reason that got 
> me suspended and giving an overview of the requests I've made I can see how 
> unproductive it was that kind of "contributions".
> At the moment it's just sad that I see a package broken or outdated and I 
> can't even drop a comment calmly suggesting the change. I indeed got out of 
> line but now I understand that this mailing list can serve to ask for 
> opinions instead of just filing an orphan request. I don't plan to be a pain 
> in the ass with the mailing list and I am not comfortable knowing that I am 
> bothering you with this email.
> Overall I just mean that I understand that my way of interacting on AUR 
> hasn't been all that great and even so I've been forgiven a lot.
> Hope you can understand my point.
> 
> Best Regards,
> Gonçalo Pereira

I think this is actually worded fairly well, and (unlike some earlier mails) 
appears to be truly genuine.

It's been a few months.
I feel like you have improved since back then, and the other team members I've 
been chatting with share the same feeling
- we've come to the conclusion that we'll give you another chance.
This, however, is gonna be your last one - no warnings.

I'll unsuspend you at some point tomorrow (Friday, CEST), please use the 
remaining few hours of your suspension to reflect on this issue.


So, anyways, welcome back. And good (universal greeting time) night.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Account

[Robin Broda via aur-general]

On 6/13/19 8:32 PM, Aniket Pradhan wrote:
> Hello Radislav and everyone!
> 
> I am not sure I get a vote, but Aye! (Sorry, but had to use this quote :P)
> 
>> We are all sometimes doing strange things
> I agree with this. I suspect Goncalo was/is being naive here. He
> probably had no idea that one cannot just take over a package
> maintainership like that.
> 

This isn't the first time that has happened, it's not even the second time this 
has happened.


> Maybe he just liked the _said_ package and wanted to maintain it. It
> was definitely strange, but at least he was honest and didn't try to
> make another account and spam the same thing (I am not giving ideas).
> Other than that, he is still interested in trying to develop some
> packages (because he wants to get unblocked) and help the community.
> 

Besides this not being the first time, it's also not the only reason.
There have been numerous dances on our bugtracker too, among other things.


> In my opinion, a six-month ban is sufficient for a person who wants to
> try the AUR out, and want to learn more about it. However, if he
> commits the same mistakes after giving out many warnings, then I'd say
> its time for a permanent banhammer.
> 

This has happened, and it's barely even been a full 6 months
- with Goncalo requesting pardon every few weeks, like jeez.

It's not even a real timeout - for us at least -
if all that happens is that the annoyance shifts from the AUR & co to
him begging on the ML.

> 
> Regards
> 
> Aniket Pradhan
> Byld Member
> ECE Undergrad | IIIT Delhi
> http://home.iiitd.edu.in/~aniket17133/
> 
> P.S. I just went through his orphan requests and a few comments and
> replies. Sorry if I don't know the whole story but just want to help a
> fellow peer and get him a second chance. :D
> 

I encourage you to dig in the archives and read about the other issues.
Get a more complete picture of the topic you're commenting on
instead of looking at the last thread only...

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] SPAM in AUR comment

[Robin Broda via aur-general]

On 5/21/19 9:46 AM, rho eat via aur-general wrote:
> Hello,
> 
> I have been receiving spam comment in my aur package
>  few month now,
> which is increasing, and now "Submiting Request" for Deletion, I came here
> reading post  in arch
> wiki.
> 
> 
> Regards
> rhoit
> 

Thanks for the report, i have suspended the 9 accounts, deleted the comments, 
and rejected the bogus request.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] New to makepkg, can someone have a look at my scripts?

[Robin Broda via aur-general]

On 5/13/19 1:20 PM, Roberto Rossini wrote:
> Can someone please check if they are ok and maybe give me some feedback on
> things that I can improve?
> 
>- Canu - https://aur.archlinux.org/packages/canu/

- please don't end $pkgdesc with punctuation
- 'canu' shouldn't be in provides=(), as a package implicitly provides itself
- 'canu' shouldn't be in conflicts=() - this is impossible
- why is there a backup=() entry for a file in /usr/bin/?
- line 26 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 32 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 37 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 40 $file may contain spaces and should thus be quoted to prevent word 
splitting
- line 40 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 44 $file may contain spaces and should thus be quoted to prevent word 
splitting
- line 40 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 47 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 48 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 50 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 51 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 52 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting

also, fwiw, `cd $srcdir` is a no-op as a first command in any of these 
functions,
they all implicitly start in $srcdir


>- StringTie - https://aur.archlinux.org/packages/stringtie/

- please don't end $pkgdesc with punctuation
- 'stringtie' shouldn't be in provides=(), as a package implicitly provides 
itself
- 'stringtie' shouldn't be in conflicts=() - this is impossible
- line 23 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 29 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 34 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 36 $srcdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 36 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 38 $pkgdir may contain spaces and should thus be quoted to prevent word 
splitting
- line 38 the license 'Artistic2.0' is a common license and does not need to be 
installed explicitly


>- Diamond-git - https://aur.archlinux.org/packages/diamond-aligner-git/

- please don't end $pkgdesc with punctuation
- 'git' should be part of makedepends=() as it is required to pull git+https 
sources
- line 55 the license 'GPL3' is a common license and does not need to be 
installed explicitly


> 
> Best regards
> 
> Roberto R.
> 


Hope that helps :)

Take a look at https://coderobe.net/pkgbuild for an experimental (and forever 
incomplete) sanity checker.
It can catch some of these issues automagically ;)

Regards
-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Are AUR VCS packages that depend on AUR VCS packages from other projects a good idea and who should decide on that ?

[Robin Broda via aur-general]

On 5/6/19 12:28 PM, Lone_Wolf wrote:
> Quoting myself :
> 
> On 05-05-2019 00:24, Lone_Wolf wrote:
>> Whether those PKGBUILDs will be used in future aur mesa-git , exclusively in 
>> aur lone_wolf-* packages or not present in AUR at all is a decision TUs must 
>> take.
>>
> 
> If no decision has been reached by june 3, I'll submit deletion requests for 
> those 6 packages myself.
> 
> LVV

What decision is there to be reached by anyone?

I am a TU and I merely quoted a page off our Wiki to you.

Going by that "rule", I don't think lone_wolf-* packages have a place in the 
AUR.
Unless you can figure out a better, fitting name.

As it stands i still don't see how these pkgbuilds solve anything.
Now, instead of editing one word in the PKGBUILD you supply an env var...

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Are AUR VCS packages that depend on AUR VCS packages from other projects a good idea and who should decide on that ?

[Robin Broda via aur-general]

On 5/5/19 12:24 AM, Lone_Wolf wrote:
> I have decided how to proceed with mesa trunk / llvm trunk building.
> 
> There are now 6 lone_wolf-* packages in AUR that show how I want to do things.
> 
> 
> Although Scimmia intensely disliked it, I have implemented the environment 
> variable idea in lone_wolf-mesa-git .
> 
> First tests are promising, I could succesfully build mesa trunk against 
> stable llvm with this command :
> 
> lone_wolf_use_llvm=4 makepkg -Crs
> 
> After some more testing I'll use the same method in lone_wolf-lib32-mesa-git .
> 
> 
> Whether those PKGBUILDs will be used in future aur mesa-git , exclusively in 
> aur lone_wolf-* packages or not present in AUR at all is a decision TUs must 
> take.
> 
> 
> I uploaded my first AUR package somewhere in 2006 and would hate to have to 
> take my packages elsewhere.
> 
> However TUs have always been the people that administer AUR not the users. IF 
> TUs tell me my packages are not wanted in AUR I have to follow my own 
> personal standards and remove the packages.
> 
> Waiting for a decision, Lone_Wolf

>Rules of Submission[1]

Make sure the package you want to upload is useful. Will anyone else want to 
use this package? Is it extremely specialized? If more than a few people would 
find this package useful, it is appropriate for submission.


A package so specialized that you have to prefix it with your username because 
you cannot think of anything more useful does not comply with this rule, fwiw.


[1] 
https://wiki.archlinux.org/index.php/Arch_User_Repository#Rules_of_submission

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Spammy post on cntlm's AUR page

[Robin Broda via aur-general]

On 5/2/19 10:11 PM, Oon-Ee Ng via aur-general wrote:
> Latest post, the only one by this account -
> https://aur.archlinux.org/account/RonaldSteele - post unrelated to other
> comments on cntlm and links to dodgy blog.
> 
> Account just registered today. Surprised there's only one post so far.
> 

Comment removed & account suspended indefinitely.

Thanks for the report

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] [AUR] etcher package co-maintainer

[Robin Broda via aur-general]

On 4/23/19 6:42 PM, Robin Broda via aur-general wrote:
> For the record, user gin078 - who the original mail was supposedly from - has 
> since adopted etcher, as it was an orphan anyways.
> You weren't even the *previous* maintainer of the package, as haavard had 
> been maintaining it for a while.
> 

Correction: gpereira was comaintainer of etcher, and as haavard - the previous 
maintainer - orphaned etcher, the next comaintainer was promoted to maintainer 
- so you were indeed maintainer of the package for just under a week by mistake.

Anyways, that has been fixed.

The other points still hold.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] [AUR] etcher package co-maintainer

[Robin Broda via aur-general]

On 4/23/19 2:57 PM, Gonçalo Pereira via aur-general wrote:
> Good afternoon, I would be happy to add you.

Even if you were unsuspended, you wouldn't be the person handing out 
(co)maintainer status as you do not - and have not - owned any packages.


> However my account is currently suspended. I am receiving a lot of this 
> requests like yours for this and other packages I was maintaining.

I doubt that this is true.


> I am hoping I can now ask to unsuspend my account in other to contribute to 
> this and many other packages.

What kind of tactic is this supposed to be?


> Sincerely,
> Gonçalo Pereira

Request denied.

For the record, user gin078 - who the original mail was supposedly from - has 
since adopted etcher, as it was an orphan anyways.
You weren't even the *previous* maintainer of the package, as haavard had been 
maintaining it for a while.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] spam messages, cndrvcups-lb

[Robin Broda via aur-general]

On 4/16/19 2:46 PM, Lone_Wolf wrote:
> Hi,
> 
> 
> While it's been quiet for sometime 
> https://aur.archlinux.org/packages/cndrvcups-lb/ has 2 advertising spam 
> messages in the last 5 days.
> 
> The accounts used don't maintain any packages and have made no other comments.
> 
> Please remove the messages and block/remove the accounts.
> 
> 
> Lone_Wolf

cleaned it up and suspended the accounts, thanks for the report

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Delete Git tree for new package with broken state

[Robin Broda via aur-general]

On 3/27/19 1:43 PM, lambdadroid via aur-general wrote:
> Hi,
> 
> I've been trying to upload packages from archlinux-me176c [1] to the
> AUR. My scripts create a subtree split of one package, then do quite
> a bit of other magic and upload it to the AUR.
> 
> I've been having a few problems with "linux-me176c"
> because I used to have large patch files in the repository (> 250 KiB).
> So I modified the scripts to cut off the history after I switched to
> fetching from a Git repository instead.
> 
> This works fine, but while testing I seem to have uploaded a broken
> subtree or some temporary commit, so the new generated subtrees no
> longer match what is uploaded on the AUR - making it impossible for me
> to update the package (without force-push).
> 
> Deleting the package on the AUR was accepted automatically because of:
>Deletion of a fresh package requested by its current maintainer.
> but I should have read on the wiki first that this does not delete the
> Git tree. :)
> 
> Is there any chance to remove the Git repository of this new package,
> or should I somehow try to recover that broken state?
> 
> Thanks,
> lambdadroid
> 
> [1]: https://github.com/me176c-dev/archlinux-me176c
> 

there's no broken state. pull from the AUR remote and rebase your commits on 
top of that

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] The Impossible, or: Static analysis of PKGBUILDS (was Re: Enforcing AUR package quality)

[Robin Broda via aur-general]

TL;DR:

I think this is a people-problem that cannot be solved like this.

alad pointed out on IRC that:
> the bug reports pre-srcinfo which tried to parse bash and terribly failed
> people actually hacked around their PKGBUILDs so the right information would 
> show on aurweb

This is going to repeat itself.

If you're looking to increase the mean quality of AUR PKGBUILDs,
the first thing that might have to be done is a change of policy.

I think that if "builds in a clean chroot" (+ a better page on how to)
was a rule for AUR submission, people would *automatically* take more care.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] The Impossible, or: Static analysis of PKGBUILDS (was Re: Enforcing AUR package quality)

[Robin Broda via aur-general]

On 2/28/19 5:41 PM, alad via aur-general wrote:
> That's the issue though, how do you do static analysis of a PKGBUILD - a 
> random bash script which should include certain named functions and variables 
> - without executing it? For example, mksrcinfo simply sources the PKGBUILD, 
> i.e. evaluates it in bash.

You can't.

> The aura AUR helper has a side-project which tries to check PKGBUILDs for 
> "security issues" in Haskell. I'm not sure how well this approach scales 
> though.
> 
> https://github.com/aurapm/aura/blob/master/aura/lib/Aura/Pkgbuild/Security.hs

Please don't even consider "scaling" this approach, as it's based on broken 
assumptions about bash.

I recall tearing that one apart in #archlinux-aur when the developer was around.
Here's a short recap for people seriously thinking this is a solid idea 
whatsoever:

> https://github.com/aurapm/aura/blob/master/aura/lib/Aura/Pkgbuild/Security.hs#L53

All it does is effectively blacklist a couple programs in PKGBUILD contexts.

The ScriptRunning test doesn't actually matter at all,
as `eval` and `bash` calls are redundant.
`eval $mycode` is the same as `$mycode`

This effectively undermines any of the security checks at all,
as you can wrap whatever you're doing in quotes and then deref the variable to 
defeat any tests.

Here's a thing that will probably not be caught by anything right now,
with the payload stored in source=() - which is,
due to the nature of url fragments, irrelevant to the rest of the build process:
```
source=('https://coderobe.net/myprogram.tar.gz#ZWNobyBoYXg=')
<<< ${source[0]} cut -d'#' -f2 | $(base64 -d)
```

Now that we have established that, to my knowledge,
there is no program that is able to statically parse bash in such a way
that it can reliably figure out what code is actually executed - or even 
present at all,
i think it becomes clear that any sort of automatic analysis of security - or 
even just correctness
of a given PKGBUILD is futile.

This, plus what has already been said before about the reliability of namcap,
should be enough of an indicator that doing this without evaluation is 
currently effectively impossible.
Discussing it here - especially in a (derailed) TU application just leads to 
bikeshedding and threads
long enough to repel anyone that isn't already involved in it.


Aside from that:
You can't even automatically figure out the dependencies of a given program.
Even ELFs can dlopen() arbitrary libraries at runtime which may or may not be 
required.
A mandatory scoring system of the kind that has been proposed in this thread is 
anything but a good idea.
-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Account Status

[Robin Broda via aur-general]

On 2/12/19 11:47 PM, Gonçalo Pereira via aur-general wrote:
> Hello,
> 
> My account was suspended a few months ago
It's been almost exactly one month, not "a few". 

> I would like to continue helping to fix packages
> even though I haven't been decent in previous incidents.

Attempting to take over packages by flat out lying is not helping.

> 
> Can I get my account unsuspended?

No, you will not get your account unsuspended this fast - if at all.

> 
> Hope you can understand,

It appears to me that you might be the one that should understand that your 
previous behavior -
which you've been warned about several times, and suspended for several times, 
is not acceptable.

Usually i would mark my calendar and unsuspend you at some point,
but considering that - with the multiple chances you had - you didn't seem to 
really
acknowledge that whatever you did wasn't nice, i don't plan to for now.

There is no 'get out of jail free'-card here, try again in a couple months the 
earliest.

> 
> Regards,
> 
> Gonçalo Pereira
> 

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] I want to update gtkhtml4 in AUR

[Robin Broda via aur-general]

On 1/28/19 2:04 AM, hagar wrote:
> I am concerned that the experienced users of tgis list dont seem to want to 
> help "newbies"
> 
> Any time they feel a question is in the realm of "Common Sense" they seem to 
> make "Assumptions"
> 
> then the user is summarily "told off".
> 

If i may, https://imgur.com/HEADYxp - reusable help served fresh.

> 
> A general question to the community.
> 
> Do you want new users or not?
> 

I don't think we're fishing for new users, no.

> 
> You cant just tell people that it is well documented.
> 

Yes we can, that's what documentation is for after all!
Reliable information to help you figure out what's happening.

> Just my 0.02 cents worth.
-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Purge of packages orphaned, out-of-date, and last updated before 2017

[Robin Broda via aur-general]

On 1/27/19 1:20 PM, Christian Rebischke via aur-general wrote:
> I don't understand why we should delete orphaned packages in the AUR at
> all. They are not harmful (like blowing up our repository like it would
> do in community) nor are they unused only because they are orphaned.
> 
> I prefer having a big archive of orphaned packages with the chance that
> somebody adopts the package and finds a PKGBUILD as base to work on.

Completely agree

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] What happened to wine-gaming-nine?

[Robin Broda via aur-general]

On 1/23/19 12:37 AM, Alex Smith via aur-general wrote:
> I am curious as to what happened to the AUR package named "wine-gaming-
> nine". Did the account behind it get banned? Or was it simply deleted
> because it was out of date.
> 

multilib/wine-staging-nine happened

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Batch-Orphan announcement (337 packages) (was: Account suspension)

[Robin Broda via aur-general]

On 1/18/19 1:16 PM, Anton T Johansson wrote:
> 
> I could do a PKGBUILD sourcing the AppImage if there's interest.
> 

Please never do this. It'll only lead to your package getting removed.

AppImage is its own packaging format,
repackaging it for the AUR when there are alternatives (there are)
is terrible - 
among other reasons that i don't feel like pointing out every time.

Regards

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Batch-Orphan announcement (337 packages) (was: Account suspension)

[Robin Broda via aur-general]

On 1/14/19 1:00 AM, Robin Broda via aur-general wrote:
> I am going to orphan all 337 packages maintained by GPereira in a couple of 
> hours;
> Those are going to inevitably rot during the rather long-term account 
> suspension anyways.
> 
> The packages are:
> 
> arcus-beta
> can-utils
> can-utils-git
> cura-beta
> curaengine-beta
> esp-idf
> fcl
> gazebo
> ideamaker
> libdart
> linuxcnc
> opensplice-dds
> osmc-installer-bin
> roboware-studio
> ros-kinetic-common-tutorials
> ros-kinetic-convex-decomposition
> ros-kinetic-desktop
> ros-kinetic-desktop-full
> ros-kinetic-diff-drive-controller
> ros-kinetic-geometry-tutorials
> ros-kinetic-ivcon
> ros-kinetic-laser-pipeline
> ros-kinetic-nodelet-tutorial-math
> ros-kinetic-perception
> ros-kinetic-pluginlib-tutorials
> ros-kinetic-pr2-description
> ros-kinetic-ros-tutorials
> ros-kinetic-roscpp-tutorials
> ros-kinetic-rospy-tutorials
> ros-kinetic-simulators
> ros-kinetic-turtle-actionlib
> ros-kinetic-turtle-tf
> ros-kinetic-turtle-tf2
> ros-kinetic-urdf-sim-tutorial
> ros-kinetic-urdf-tutorial
> ros-kinetic-viz
> ros-kinetic-webkit-dependency
> ros-melodic-actionlib
> ros-melodic-actionlib-msgs
> ros-melodic-actionlib-tutorials
> ros-melodic-angles
> ros-melodic-audio-capture
> ros-melodic-audio-common
> ros-melodic-audio-common-msgs
> ros-melodic-audio-play
> ros-melodic-bond
> ros-melodic-bond-core
> ros-melodic-bondcpp
> ros-melodic-bondpy
> ros-melodic-camera-calibration
> ros-melodic-camera-calibration-parsers
> ros-melodic-camera-info-manager
> ros-melodic-catkin
> ros-melodic-class-loader
> ros-melodic-cmake-modules
> ros-melodic-common-msgs
> ros-melodic-common-tutorials
> ros-melodic-compressed-depth-image-transport
> ros-melodic-compressed-image-transport
> ros-melodic-control-msgs
> ros-melodic-control-toolbox
> ros-melodic-controller-interface
> ros-melodic-controller-manager
> ros-melodic-controller-manager-msgs
> ros-melodic-cpp-common
> ros-melodic-cv-bridge
> ros-melodic-depth-image-proc
> ros-melodic-desktop
> ros-melodic-desktop-full
> ros-melodic-diagnostic-aggregator
> ros-melodic-diagnostic-analysis
> ros-melodic-diagnostic-common-diagnostics
> ros-melodic-diagnostic-msgs
> ros-melodic-diagnostic-updater
> ros-melodic-diagnostics
> ros-melodic-diff-drive-controller
> ros-melodic-dynamic-edt-3d
> ros-melodic-dynamic-reconfigure
> ros-melodic-easy-markers
> ros-melodic-eigen-conversions
> ros-melodic-eigen-stl-containers
> ros-melodic-executive-smach
> ros-melodic-filters
> ros-melodic-forward-command-controller
> ros-melodic-gazebo-dev
> ros-melodic-gazebo-msgs
> ros-melodic-gazebo-plugins
> ros-melodic-gazebo-ros
> ros-melodic-gazebo-ros-control
> ros-melodic-gazebo-ros-pkgs
> ros-melodic-gencpp
> ros-melodic-geneus
> ros-melodic-genlisp
> ros-melodic-genmsg
> ros-melodic-gennodejs
> ros-melodic-genpy
> ros-melodic-geographic-msgs
> ros-melodic-geometric-shapes
> ros-melodic-geometry
> ros-melodic-geometry-msgs
> ros-melodic-geometry-tutorials
> ros-melodic-geometry2
> ros-melodic-gl-dependency
> ros-melodic-hardware-interface
> ros-melodic-image-common
> ros-melodic-image-geometry
> ros-melodic-image-pipeline
> ros-melodic-image-proc
> ros-melodic-image-publisher
> ros-melodic-image-rotate
> ros-melodic-image-transport
> ros-melodic-image-transport-plugins
> ros-melodic-image-view
> ros-melodic-interactive-marker-tutorials
> ros-melodic-interactive-markers
> ros-melodic-joint-limits-interface
> ros-melodic-joint-state-controller
> ros-melodic-joint-state-publisher
> ros-melodic-joy
> ros-melodic-joy-listener
> ros-melodic-joystick-drivers
> ros-melodic-kalman-filter
> ros-melodic-kdl-conversions
> ros-melodic-kdl-parser
> ros-melodic-kdl-parser-py
> ros-melodic-laser-assembler
> ros-melodic-laser-filters
> ros-melodic-laser-geometry
> ros-melodic-laser-pipeline
> ros-melodic-libmavconn
> ros-melodic-librviz-tutorial
> ros-melodic-map-msgs
> ros-melodic-mavlink
> ros-melodic-mavros
> ros-melodic-mavros-extras
> ros-melodic-mavros-msgs
> ros-melodic-media-export
> ros-melodic-message-filters
> ros-melodic-message-generation
> ros-melodic-message-runtime
> ros-melodic-mk
> ros-melodic-nav-msgs
> ros-melodic-nodelet
> ros-melodic-nodelet-core
> ros-melodic-nodelet-topic-tools
> ros-melodic-nodelet-tutorial-math
> ros-melodic-octomap
> ros-melodic-octovis
> ros-melodic-orocos-kdl
> ros-melodic-pcl-conversions
> ros-melodic-pcl-msgs
> ros-melodic-pcl-ros
> ros-melodic-perception
> ros-melodic-perception-pcl
> ros-melodic-pid
> ros-melodic-pluginlib
> ro

Re: [aur-general] Batch-Orphan announcement (337 packages) (was: Account suspension)

[Robin Broda via aur-general]

I am going to orphan all 337 packages maintained by GPereira in a couple of 
hours;
Those are going to inevitably rot during the rather long-term account 
suspension anyways.

The packages are:

arcus-beta
can-utils
can-utils-git
cura-beta
curaengine-beta
esp-idf
fcl
gazebo
ideamaker
libdart
linuxcnc
opensplice-dds
osmc-installer-bin
roboware-studio
ros-kinetic-common-tutorials
ros-kinetic-convex-decomposition
ros-kinetic-desktop
ros-kinetic-desktop-full
ros-kinetic-diff-drive-controller
ros-kinetic-geometry-tutorials
ros-kinetic-ivcon
ros-kinetic-laser-pipeline
ros-kinetic-nodelet-tutorial-math
ros-kinetic-perception
ros-kinetic-pluginlib-tutorials
ros-kinetic-pr2-description
ros-kinetic-ros-tutorials
ros-kinetic-roscpp-tutorials
ros-kinetic-rospy-tutorials
ros-kinetic-simulators
ros-kinetic-turtle-actionlib
ros-kinetic-turtle-tf
ros-kinetic-turtle-tf2
ros-kinetic-urdf-sim-tutorial
ros-kinetic-urdf-tutorial
ros-kinetic-viz
ros-kinetic-webkit-dependency
ros-melodic-actionlib
ros-melodic-actionlib-msgs
ros-melodic-actionlib-tutorials
ros-melodic-angles
ros-melodic-audio-capture
ros-melodic-audio-common
ros-melodic-audio-common-msgs
ros-melodic-audio-play
ros-melodic-bond
ros-melodic-bond-core
ros-melodic-bondcpp
ros-melodic-bondpy
ros-melodic-camera-calibration
ros-melodic-camera-calibration-parsers
ros-melodic-camera-info-manager
ros-melodic-catkin
ros-melodic-class-loader
ros-melodic-cmake-modules
ros-melodic-common-msgs
ros-melodic-common-tutorials
ros-melodic-compressed-depth-image-transport
ros-melodic-compressed-image-transport
ros-melodic-control-msgs
ros-melodic-control-toolbox
ros-melodic-controller-interface
ros-melodic-controller-manager
ros-melodic-controller-manager-msgs
ros-melodic-cpp-common
ros-melodic-cv-bridge
ros-melodic-depth-image-proc
ros-melodic-desktop
ros-melodic-desktop-full
ros-melodic-diagnostic-aggregator
ros-melodic-diagnostic-analysis
ros-melodic-diagnostic-common-diagnostics
ros-melodic-diagnostic-msgs
ros-melodic-diagnostic-updater
ros-melodic-diagnostics
ros-melodic-diff-drive-controller
ros-melodic-dynamic-edt-3d
ros-melodic-dynamic-reconfigure
ros-melodic-easy-markers
ros-melodic-eigen-conversions
ros-melodic-eigen-stl-containers
ros-melodic-executive-smach
ros-melodic-filters
ros-melodic-forward-command-controller
ros-melodic-gazebo-dev
ros-melodic-gazebo-msgs
ros-melodic-gazebo-plugins
ros-melodic-gazebo-ros
ros-melodic-gazebo-ros-control
ros-melodic-gazebo-ros-pkgs
ros-melodic-gencpp
ros-melodic-geneus
ros-melodic-genlisp
ros-melodic-genmsg
ros-melodic-gennodejs
ros-melodic-genpy
ros-melodic-geographic-msgs
ros-melodic-geometric-shapes
ros-melodic-geometry
ros-melodic-geometry-msgs
ros-melodic-geometry-tutorials
ros-melodic-geometry2
ros-melodic-gl-dependency
ros-melodic-hardware-interface
ros-melodic-image-common
ros-melodic-image-geometry
ros-melodic-image-pipeline
ros-melodic-image-proc
ros-melodic-image-publisher
ros-melodic-image-rotate
ros-melodic-image-transport
ros-melodic-image-transport-plugins
ros-melodic-image-view
ros-melodic-interactive-marker-tutorials
ros-melodic-interactive-markers
ros-melodic-joint-limits-interface
ros-melodic-joint-state-controller
ros-melodic-joint-state-publisher
ros-melodic-joy
ros-melodic-joy-listener
ros-melodic-joystick-drivers
ros-melodic-kalman-filter
ros-melodic-kdl-conversions
ros-melodic-kdl-parser
ros-melodic-kdl-parser-py
ros-melodic-laser-assembler
ros-melodic-laser-filters
ros-melodic-laser-geometry
ros-melodic-laser-pipeline
ros-melodic-libmavconn
ros-melodic-librviz-tutorial
ros-melodic-map-msgs
ros-melodic-mavlink
ros-melodic-mavros
ros-melodic-mavros-extras
ros-melodic-mavros-msgs
ros-melodic-media-export
ros-melodic-message-filters
ros-melodic-message-generation
ros-melodic-message-runtime
ros-melodic-mk
ros-melodic-nav-msgs
ros-melodic-nodelet
ros-melodic-nodelet-core
ros-melodic-nodelet-topic-tools
ros-melodic-nodelet-tutorial-math
ros-melodic-octomap
ros-melodic-octovis
ros-melodic-orocos-kdl
ros-melodic-pcl-conversions
ros-melodic-pcl-msgs
ros-melodic-pcl-ros
ros-melodic-perception
ros-melodic-perception-pcl
ros-melodic-pid
ros-melodic-pluginlib
ros-melodic-pluginlib-tutorials
ros-melodic-polled-camera
ros-melodic-position-controllers
ros-melodic-ps3joy
ros-melodic-python-orocos-kdl
ros-melodic-python-qt-binding
ros-melodic-qt-dotgraph
ros-melodic-qt-gui
ros-melodic-qt-gui-cpp
ros-melodic-qt-gui-py-common
ros-melodic-qwt-dependency
ros-melodic-random-numbers
ros-melodic-realtime-tools
ros-melodic-resource-retriever
ros-melodic-robot
ros-melodic-robot-state-publisher
ros-melodic-ros
ros-melodic-ros-base
ros-melodic-ros-comm
ros-melodic-ros-core
ros-melodic-ros-emacs-utils
ros-melodic-ros-environment
ros-melodic-ros-tutorials
ros-melodic-rosbag
ros-melodic-rosbag-migration-rule
ros-melodic-rosbag-storage
ros-melodic-rosbaglive
ros-melodic-rosbash
ros-melodic-rosboost-cfg
ros-melodic-rosbuild
ros-melodic-rosclean
ros-melodic-rosconsole
ros-melodic-rosconsole-bridge
ros-melodic-roscpp
ros-melodic-roscpp-core

Re: [aur-general] Account suspension

[Robin Broda via aur-general]

On 1/14/19 12:16 AM, Gonçalo Pereira wrote:
> Hope you can take me back in the AUR community.
> Again, I am sorry and will take AUR more seriously and calm.
> 

Declined, at least for now.

You've been given more than one chance in the past for exactly the same 
behavior.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Account suspension

[Robin Broda via aur-general]

On 1/13/19 9:22 PM, Gonçalo Pereira wrote:
> Hey,
> 
> Can I get my account unblocked? I am sorry. I would like to answer to
> comments on one of the packages I mantain.
> 
> Hope I am contacting the right channel.
> 
> Best Regards,
> 
> Gonçalo Pereira
> 

No.

Feel free to read the ML thread(s) with the reasoning to why you were suspended.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] How to pkg-config (Was: TU application: Daurnimator)

[Robin Broda via aur-general]

On 12/18/18 3:28 AM, Daurnimator wrote:
> --libs-only-other seems to be missing from
> https://linux.die.net/man/1/pkg-config

linux.die.net has been extremely out of date for ages, fwiw

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU application: Daurnimator

[Robin Broda via aur-general]

On 12/11/18 9:00 PM, Daurnimator wrote:
> On Tue, 11 Dec 2018 at 11:45, Alad Wenter via aur-general
>  wrote:
>> 2. You have some AUR packages for LUA modules of your own making, yet
>> they hardcode gcc lines instead of using a Makefile. [1] (At least they
>> respect $CFLAGS and $LDFLAGS, I guess.) Why?
> 
> The upstream packages do not ship a makefile; they "officially" only
> support luarocks for building.

You are upstream, you have the power to make a change for the better

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU application: Daurnimator

[Robin Broda via aur-general]

On 12/11/18 8:45 PM, Alad Wenter via aur-general wrote:
> On 12/11/18 8:30 PM, Alad Wenter wrote:
> 
>> Since the discussion period is about to end without much discussion...
>>
>> Right now the rate of new applications is very high - about 2 new
>> applications per month. That makes a thorough review difficult.
>>
>> Considering the positive experiences of the sponsor, it would be a shame
>> to let a voting period pass. That said, I'm not sure we have sufficient
>> information - at present - to proceed with such a voting period in a
>> meaningful manner.

I agree

>> So about Foxboron's question for confirmation: "Say one or two people
>> confirm they think the voting process should be continued after the
>> discussion has ended?" - I don't know.

> Let's try to get the ball rolling by asking some questions.
.. snip ..
> 3. I have no idea on what some of your more complicated packages do, or
> why they would require said complexity, e.g. iup. [2] Perhaps you could
> explain a bit on that regard.

Taking a closer look at iup, what's with the `sed`ding in prepare()?
- those should be patches, as sed will silently fail when they stop applying
- why do you explicitly link iupview statically?

Also, the url is reachable via https - you should maybe update that.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] On TU application, TU participation and community/ package quality

[Robin Broda via aur-general]

On 11/18/18 3:52 AM, Xyne wrote:
> On 2018-11-12 12:22 +0100
> Levente Polyak via aur-general wrote:
> 
>> Sure, if we can call out sponsors for lack of proper guidance and
>> commitment. Sometimes I have the feeling some sponsors don't do anything
>> besides putting their name into an applications and creating a ticket on
>> success.
>> I know of some sponsors that just didn't take the time to review any
>> packages (they personally admitted so) and therefor IMO didn't really
>> mentor the applicant. We should take sponsoring more seriously.
>>
>> I feel a bit sad and like people offload the burden fully on others like
>> me when I notice very obvious things as VCS packages that for example
>> lack any provides/conflicts (or similar) which is already very well
>> documented in our packaging related wiki pages.
>>
>> Not saying nobody does, but sponsoring should quite frankly be far more
>> then just to agree and like that an applicant wants to become a TU.
>> Redirecting to another possible sponsor doesn't mean you reject an
>> applicant either and that's easy to make clear! To volunteer being a
>> sponsor should mean to _potentially_ spend lots of time and patience in
>> order to be a mentor that an applicant deserves.
> 
> To sponsor a candidate is to declare that you are not only confident in their
> packaging and related technical skills but also that you trust them with 
> access
> to the community repo and the AUR (whence "trusted" user). To build trust
> requires time and observation. TUs should only sponsor candidates that they
> have observed regularly over a period of at least several months, preferably
> more. You should have a good idea of the candidate's online activity and a
> strong positive impression of both the quality of their packages *and* their
> temperament. The reason for sponsoring a candidate should never be "meh, why
> not?".
> 
> Maybe we should stipulate that sponsorship messages consist of more than just
> "yep, I've agreed to sponsor X". The sponsor should explain why they've agreed
> to sponsor the candidate, how the sponsorship was agreed, how long the sponsor
> has been aware of the user in the community, etc. The sponsor should advocate
> for the candidate's application. The sponsor should absolutely review the
> candidate's packages before the candidate applies here. If a TU sponsors a
> candidate with egregiously bad packages (or unacceptable online behavior),
> their own suitability should be brought up for discussion.
> 
> With the aforementioned approach, I like the idea of multiple sponsors to
> ensure a certain level of trust. With the current voting system, if just 1 TU
> votes "yes" and enough vote "abstain" to reach quorum, the vote passes. For 
> me,
> "abstain" means "I don't know enough about this candidate to support the
> application, but I don't see any reason not to either". There should be some
> sort of minimum support above 1.
>  
> However, rather than requiring multiple sponsors just to apply, I suggest
> requiring multiple sponsors to proceed to the vote. The procedure would be:
> 1. A TU identifies a good candidate and discusses the idea with them.
> 2. The TU reviews the candidate's packages and community participation
>thoroughly and suggests improvements if necessary.
> 3. Once all suggested improvements have been made, the TU agrees to sponsor 
> and
>the candidate applies.
> 4. The TU confirms and explains their sponsorship, citing specifics.
> 5. Other TUs review the application. TUs that are confident in the candidate
>after review then vouch for the candidate by co-sponsoring them. In 
> addition
>to the quality of packages, the co-sponsors should have at least been aware
>of the candidate within the community for an extended period of time.
> 6. If x TUs agree to sponsor within the discussion period, the vote goes 
> ahead 
>as usual. If not, the candidate has to wait as usual to reapply. During the
>wait, TUs can pay closer attention to the candidate until they feel
>confident enough to co-sponsor.
> 
> This is just an idea for discussion. I don't know what a good value for x 
> would
> be (how much "trust" is enough?). Sponsoring bad candidates should have
> consequences, but I don't see any way to objectively measure or implement that
> so it would be a bad idea.
> 
> I am entirely opposed to creating a TU council, oversight committee, working
> group or any other power hierarchy. All of the mentioned issues can be
> addressed without it. If a TU is producing sub-standard packages, just contact
> them directly and discuss the issue. If the TU refuses to correct the issue,
> start a discussion on the list. If it's actually a problem, it will go to a
> vote. In the worst case scenario of widespread TU corruption that prevents a
> successful vote, the devs can step in and kick people out, but it should never
> come to that (and if it does, it means we all goofed the application process).
> 
> Moving 

Re: [aur-general] Orphan request: concourse-fly-bin

[Robin Broda via aur-general]

On 11/25/18 7:43 PM, Julien Nicoulaud via aur-general wrote:
> Hi,
> 
> Is it possible to orphan the concourse-fly-bin package (
> https://aur.archlinux.org/packages/concourse-fly-bin), or at least add me
> as co- maintainer (https://aur.archlinux.org/account/nicoulaj) ?
> 
> The maintainer did not update it despite my repeated demands (2018-11-07,
> 2018-11-16, 2018-11-19).
> 
> Cheers,
> Julien
> 

Looks like the package is already an orphan, so you can just adopt it.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] Spam account: philipjoy6

[Robin Broda via aur-general]

On 11/16/18 11:26 AM, Tinu Weber wrote:
> Hello
> 
> Would somebody please take a look at this one? Thank you!
> https://aur.archlinux.org/account/philipjoy6
> 
> Best,
> Tinu
> 

Comments removed & user suspended. Thanks for reporting.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Package requests

[Robin Broda via aur-general]

On 11/10/18 5:29 PM, Storm Dragon via aur-general wrote:
> It's been a week or so
Orphan requests have a 14-day grace period
to give the maintainer time to respond.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] PKGBUILD git remote branch issue

[Robin Broda via aur-general]

On 11/7/18 3:47 PM, Ralf Mardorf wrote:
> On Wed, 2018-11-07 at 08:40 -0600, Doug Newgard via aur-general wrote:
>> On Wed, 07 Nov 2018 15:16:22 +0100
>> Ralf Mardorf  wrote:
>>
>>> "Configure finished, type 'make' to build.
>>> /usr/src/claws-mail-gtk3-git/PKGBUILD: line 85: --enable-ldap: command
>>> not found
>>> ==> ERROR: A failure occurred in build().  
>>> Aborting..."
>>
>> That error is a mistake in the PKGBUILD, nothing to do with the checkout.
> 
> The PKGBUILD tries to build an outdated release, that is why it fails.
> When building the latest release, it works with "--enable-ldap".
> 

No, it doesn't work because you're breaking your multiline command
with the comment line inbetween.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] Account Suspended, No Reason Given

[Robin Broda via aur-general]

On 11/4/18 12:32 PM, Jelle van der Waa wrote:
> On 11/04/18 at 01:37am, shoober420 via aur-general wrote:
>> Not only was no reason given to denying my request to maintain sdl2-hg, you
>> gave no reason for suspending my account. FYI, "sdl2-hg" and
>> "lib32-sdl2-hg" were both maintained by the same guy, so if you just handed
>> over maintainership to me for "lib32-sdl2-hg" in a blink of an eye, there's
>> no reason to do the same for "sdl2-hg", considering it was the same
>> maintainer, and all the reasons I mentioned before, especcially the comment
>> from "Teteros".
> 
> Different TU's accept AUR requests, and respond differently to requests
> such as "Yo I got this my dude". 

For the record, that first request went through automatically.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Account Suspended, No Reason Given

[Robin Broda via aur-general]

On 11/4/18 3:09 AM, shoober420 via aur-general wrote:
> This still doesn't cover up the fact you gave NO WARNING before the
> suspension.

Consider me closing all your other open requests as the warning,
and you opening a new request with an even worse comment as you
- deliberately or not - overstaying your welcome in that regard.

I'm not gonna revoke the suspension early,
you'll have to sit that one out.

On 11/4/18 4:03 AM, shoober420 via aur-general wrote:
> I love Arch, and do a lot for this community.
> You should concentrate on all the good I have done,
> instead of all the supposed bad things I’ve done.

- No matter how important you think you are.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Account Suspended, No Reason Given

[Robin Broda via aur-general]

On 11/4/18 2:00 AM, shoober420 via aur-general wrote:
> I recently tried to be the maintainer for an package that hasn't been
> updated in quite some time. I've been using my own PKGBUILD for the
> particular package with great success, and currently am maintaining
> the "lib32-sdl2-hg" 32 bit version of this package.
> 
> Upon request of this package, It was denied for no reason given,
You have, on the same day, posted four requests
(PRQ#13128, PRQ#13129, PRQ#13131, PRQ#13138)
each with the comment 'Yo I got this my dude.'
- instead of anything useful.

> except a disrespectful message from coderob and I quote.

You're greatly misrepresenting this case.
If anyone is being disrespectful here, that'd be you -
considering all of your 'high quality' requests,
and the fact that you've been posting passive-aggressive
comments on some of the packages in question - namely
'sdl2-hg' and 'lib32-tslib', thinking the maintainer rejected
your request out of spite or something.

The last request out of the bunch, PRQ#13138, was in response to
my closure of your requests.

> "come back with a better request, my dude"
> 
> So I did, I requested to maintain the package again, and was denied,

Turns out, however, that 'YO I GOT THIS FOR REEEAL'
is not a good, or even appropriate, request either.

> then my account got suspended. Whats the deal here? I wasn't warned
> about anything I may have done wrong

Your suspension will be lifted on the 9th,
that'll be one week since i suspended you.

Please think about the requests you post in the future,
and try not to misrepresent your complaints on the ML - we have logs.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Found a spam account; please delete crystal01

[Robin Broda via aur-general]

On 10/31/18 2:58 PM, Andy Kluger via aur-general wrote:
> https://aur.archlinux.org/account/crystal01/comments
> 
> Please delete this user, it's obviously a spam account.
> 

Yup, done - thanks for the report.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU application: Maxim Baz

[Robin Broda via aur-general]

On 10/29/18 1:16 PM, Maxim Baz via aur-general wrote:
> Hello everyone,
> 
> My name is Maxim Baz, and with Morten Linderud (Foxboron) as my sponsor
> (who I was referred to by Alad Wenter) I'm applying to become a Trusted User.
> 

Great that you're applying!


> ...
> Also, as a TU I want to help finishing TODO "BUILDINFO rebuild" [4]
> if it's not completed earlier.

Sadly, or thankfully - depending on how you look at it ;) - the BUILDINFO
rebuild is pretty much outside of our control as TUs, as almost all
remaining packages are outside of [community].
All except for cinnamon-desktop and cjs, that is. *nudge @eschwartz*


> - wire-desktop (76): End-to-end encrypted messaging app that works on Windows,
> Linux, Mac, Android and iPhone. It is free, open-source and available
> on Github. Although I'm co-maintaining this package on AUR, I was mostly
> focused on contributing to the project itself: I added proper emoji support
> (following the latest Unicode standard), emoji autocomplete and improved
> native notifications on Linux (show user pictures, set urgency hint).
> 

Another Electron app? oof...
That one would have to be devendored first, anyways -
right now it is using a bundled Electron :(


> - browserpass (31): Browser extension for pass (unix password manager),
> works in Chromium and Firefox. I became the primary project maintainer about
> a year ago, and together with another maintainer recently started rewriting
> it to make the architecture accommodate users' needs. I'm planning to bring
> this to [community] after the new version is ready (we are aiming to release
> in December). Also, someone in comments on AUR gave me a cool idea to use
> split-packages for Chromium and Firefox browsers, I'm going to do this as
> well (current PKGBUILD installs browserpass for both browsers, even if these
> browsers are not installed).
> 

Nice!


> - gocryptfs (18): Encrypted overlay filesystem, an alternative for encfs.
> 

Just curious - how does this differ to ecryptfs?


> For all of the above, I'm being active on their Github pages and monitoring
> new releases using urlwatch.
> 

Release monitoring is a big plus. nice!


Good luck :P

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] flood of package adoption emails

[Robin Broda via aur-general]

On 10/26/18 10:36 AM, Johannes Wienke wrote:
> Dear all,
> 
> yesterday I received about 10 email notifications that my package
> pass-git-helper-git was adopted by some random user, differing in each
> email. Yet, the web interface shows myself as the maintainer and I never
> opened the package for adoption. Does anyone know what is going on here?
> I can provide such an email for debugging purposes if necessary.
> 
> Johannes
> 

There's (was?) a bug that caused these wrong mails to be generated,
it has supposedly been fixed though apparently the fix doesn't work either

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] PKGBUILD for an .AppImage

[Robin Broda via aur-general]

On 10/13/18 4:36 PM, Jonathon Fernyhough wrote:
> I believe Tom is pointing to the advantages of deploying an AppImage via
> a PKGBUILD, rather than of the AppImage format itself. Essentially,
> using an AppImage as a package `source` like an RPM/deb or other
> non-native packaging archive.

Then what he's referring to aren't the 'advantages of packaging an AppImage', 
but rather the advantages of packages as a whole - and even then it's not 
really accurate.
I don't think going off on a tangent about the benefits of system packages is 
relevant to the topic, anyways.


> I've seen some projects [citation needed] provide only an AppImage and
> building from source is non-trivial, so being able to "package" the
> AppImage could make it easier to use within Arch.

That's not the case here though, as we have source builds for the program in 
question.
If there are upcoming issues with the source build, those should be patched 
upstream or in the PKGBUILD instead of abandoning it in favor of a -bin package.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] Become TU

[Robin Broda via aur-general]

On 10/13/18 3:25 PM, Islam Bahnasy via aur-general wrote:
> 
> Hello,
> 
> I see that 'usbguard' is very useful tool and I depend on it my self so
> I hope if it's merged to the community repo.

I suggest just creating your own package repository.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] PKGBUILD for an .AppImage

[Robin Broda via aur-general]

On 10/13/18 2:06 PM, Tom Hale wrote:
> The advantages I see of packaging an AppImage are:
> 
> * Automatic updates

Automatic in what sense

> * GUI integration (eg appname.desktop file and icon)
> * Easy access to man pages, help docs and changelog
> * Easy access to files (eg skeleton config files) specified in the help docs

Why would that require AppImage in the loop?

Literally none of your points have anything to do with AppImages.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] PKGBUILD for an .AppImage

[Robin Broda via aur-general]

On 10/11/18 8:12 AM, Tom Hale wrote:
> I searched through the forums and can't find anything on packaging an 
> AppImage.
> 
> The only app referenced (upwork-appimage) is no longer available.
> 
> The particular AppImage in question is:
> https://github.com/robert7/nixnote2/releases
> 
> How do I search this mailing list online?
> 
> What advice would you give with .AppImages?
> 
> I *could* rip it open, but the only snag I hit was the binary is linked to 
> `libhunspell-1.3.so.0` whereas Arch has `/usr/lib/libhunspell-1.6.so.0`.
> 
> Would it be a no-no to install this previous libhunspell version in /usr/lib?
> 
> If using an unextacted AppImage, where should I install the .AppImage itself?
> 
> /usr/bin/$pkgname.AppImage with a simlink from /usr/bin/$pkgname?
> 
> 
> Cheers,
> 

Looks like nixnote2 is already on the AUR and properly built from source, both 
stable and -git.
A binary package ripped from an AppImage is probably the last thing you should 
be proposing...

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] Spam account Hard_Work23

[Robin Broda via aur-general]

On 07/18/2018 11:46 PM, Lucas Salies Brum wrote:
> SPAM here: https://aur.archlinux.org/packages/medleytext/

Removed, thanks for the report

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] pkgrel - Is it correct that some "fixes" aren't "fixes"?

[Robin Broda via aur-general]

On 06/22/2018 07:33 PM, Ralf Mardorf wrote:
> On Fri, 22 Jun 2018 19:20:24 +0200, Robin Broda via aur-general wrote:
>> If the built package does not change, pkgrel does not need to be
>> incremented.
> 
> Moving a package from AUR to Community or vice versa also doesn't
> change the content. I guess the pkgrel should inform about each change
> done to a package providing the same pkgver.

Moving a package from the AUR to [community] means that [community] now
holds a build made by the adopting TU, incrementing the pkgrel ensures
that package users automatically get the now-official build.

Unless the package is 100% reproducible and was built in a clean environment,
the package contents will differ to the ones that users who built it themself
may already have -> My initial statement - the built package has changed.

> The broken package already was released,
> so fixing it IMO is a fix worth increasing the pkgrel.

Nobody could've possibly built it like that,
so the package never existed in that state.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] pkgrel - Is it correct that some "fixes" aren't "fixes"?

[Robin Broda via aur-general]

On 06/22/2018 07:18 PM, Ralf Mardorf wrote:
> see https://aur.archlinux.org/packages/dh-make/ for "The fix of the
> source url was neither a fix...".

Changing the source url to a different url of the same source will not 
influence the built package

> Is it correct that some "fixes" aren't considered as being "fixes", so
> that the pkgrel shouldn't increase?

If the built package does not change, pkgrel does not need to be incremented.

-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] Packaging all CRAN packages for R

[Robin Broda via aur-general]

On 05/26/2018 06:04 PM, Alex Branham via aur-general wrote:
> Is this something people would like to have in the AUR? I figured I
> should ask before adding ~12.5k packages.

I'd recommend doing it like anatolik with his 'quarry' project (ruby),
he's got the scripts on github[0], and hosts the packages
in a custom repo[1]. Much like quarry, you probably don't want to
blanket-provide all 12.5k R packages, so a whitelist of targets would
be a sensible solution.

[0] https://github.com/anatol/quarry
[1] https://pkgbuild.com/~anatolik/quarry/
-- 
Rob (coderobe)

O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: [aur-general] Deletion of discord-updater{,-canary}?

[Robin Broda via aur-general]

On 05/10/2018 05:23 AM, Morgan Adamiec via aur-general wrote:
> On 10 May 2018 at 01:50, Eli Schwartz via aur-general
>  wrote:
>> On 05/09/2018 08:29 PM, Morgan Adamiec via aur-general wrote:
>>> discord-updater is quite a confusing package to me. I'm not sure is I
>>> should file a deletion request for it.
>>>
>>> When discord needs an update it will refuse to start until it is
>>> updated. This package appears to be designed to download the latest
>>> discord .tar.gz and extract it to ~/.local. By passing the need to
>>> wait for updates on the main discord AUR package.
>>>
>>> My question here is does this count as a duplicate to discord? And
>>> even if it does not should this really be in the AUR in the first
>>> place? It is just a simple script really.
>>
>> I'm not sure I see a reason for this package either, especially
>> considering this will tend to duplicate lots of content in a multi-user
>> setup.
>>
>>> For future reference I would appreciate if anyone can tell me the
>>> correct place to send this sort of thing. Here, to aur-requests or
>>> type it into the request box on the AUR page.
>>
>> Submitting a deletion request is something you should do when you're
>> pretty sure that's the action that should be taken. If you're unsure,
>> then aur-general is a reasonable enough place to inquire about policy.
>>
>>> Also on a similar topic, the package discord-always-canary was removed
>>> from the AUR by Eschwartz. This package is essentially discord-canary
>>> with a pkgver() function. Meanwhile firefox-always-nightly is still on
>>> the AUR and is essentially the same idea.
>>
>> I noticed the former, while dealing with a package request. I never
>> noticed the latter. :D
>>
>> But I don't see the point of that either, especially considering
>> firefox-nightly is pretty good about tracking this properly.
>>
>>> Is there a reason the discord-always-canary can not exist, similar to
>>> pkg and pkg-git? I get they comparison is not exactly the same because
>>> both discord packages source stable versions.
>>
>> git packages specifically refer to the latest VCS sources. They're 1)
>> development versions, 2) building different code, 3) tracking something
>> which is inherently changeable.
>>
>> packages which are nominally stable releases, but get updated nightly,
>> are an interesting issue. I don't think anyone is served by having two
>> packages for it though -- I figure this is reasonable:
>>
>>> Instead would it be a good idea to add a pkgver() function to the main
>>> discord packages? As mentioned discord will refuse to start when out
>>> of date, so most users are stuck waiting for the maintainer to update
>>> it.
>>
>> This would probably make sense, it's the same thing firefox-nightly does.
>>
>> --
>> Eli Schwartz
>> Bug Wrangler and Trusted User
>>
> 
> Thanks for the reply and info, would you like me to send the
> appropriate deletion requests?
> 
> Adding a pkgver() to Discord in a clean way is proving to be quite annoying.
> 
> Adding this to the source=()
> 'https://discordapp.com/api/download/canary?platform=linux=tar.gz'
> causes makepkg to download a file named
> 'canary?platform=linux=tar.gz' even though the download output
> from curl correctly manages the redirect and displays "Downloading
> discord-canary-0.0.49.tar.gz"
> 
> I can get the pkgver via curl -sI
> 'https://discordapp.com/api/download/canary?platform=linux=tar.gz'
> | grep -Po '(?<=/apps/linux/)[^/]+' but the pkgver is ran after the
> download and prepare.
> 
> I don't think it's good practise for the pkgver() to need internet anyway.

This is kind of a TOCTOU issue. I wouldn't recommend it.

> I can hack together:
> _version=`curl -sI
> 'https://discordapp.com/api/download/canary?platform=linux=tar.gz'
> | grep -Po '(?<=/apps/linux/)[^/]+'`
> source=("$pkgname-$_version::$url")
> 
> But then I have a global variable which requires internet which is
> probably worse.
> 
> Do you know good way to do this that doesn't break the pkgbuild
> conventions? Is it worth it to break those conventions and use these
> hacks anyway?
> 

Does the tarball not contain any version information at all?

Rob

Re: [aur-general] Renaming xiccd to colord-xiccd

[Robin Broda via aur-general]

On 04/25/2018 11:53 PM, Alberto Salvia Novella via aur-general wrote:
> I want to propose this
> .
> 
> 
> Alberto 

I think ooo has already sufficiently explained where the package name
comes from on the bbs thread[1]. I don't see a reason for your proposed
exception.

Regards,
Rob

[1] https://bbs.archlinux.org/viewtopic.php?pid=1781646#p1781646



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] [PRQ#11055] Deletion Request for dnscrypt-proxy-go | [PRQ#11056] Deletion Request for dnscrypt-proxy-go-git

[Robin Broda via aur-general]

On 04/04/2018 04:37 PM, Jordan Glover wrote:
> On April 4, 2018 3:44 PM, Robin Broda via aur-general 
> <aur-general@archlinux.org> wrote:
> 
>> On 04/04/2018 02:41 PM, Jordan Glover via aur-general wrote:
>>
>>> Can we get more explanation for this? This isn't a version bump. This 
>>> project
>>>
>>> was rewritten from scratch, the old sources are gone. The PKGBUILD was 
>>> written
>>>
>>> from scratch, packagement solutions were upstreamed[1]. Upstream points
>>>
>>> specifically to this package[2]. Archlinux repo maintainer wasn't involved 
>>> at
>>>
>>> all with those and there is no info if he's interested in maintaining the 
>>> new
>>>
>>> v2 version.
>>>
>>> [1] 
>>> https://github.com/jedisct1/dnscrypt-proxy/commit/fa2c95084ef9b575bfbe62543e0765623c9b8a0e
>>>
>>> [2] https://github.com/jedisct1/dnscrypt-proxy/wiki/Installation-ArchLinux
>>>
>>> Jordan
>>
>> It's got the same name, is written by the same author, and the versions
>>
>> begin at 2.0.0. Fwiw this is just a major version bump of the same
>>
>> package - it doesn't really matter what percentage of it has changed
>>
>> since the last version.
> 
> So when it doesn't share any code, doesn't share code repository and doesn't
> use compatible configs it's still the same package ...

This is a result of the poor deprecation path (read: none)
dnscrypt-proxy v1 had, coupled with the poor handling of superseding it
with v2 (deleting all traces to v1, developing v2 in the same
namespace). That's just bad project management, and there's no reason to
rename our community/dnscrypt-proxy when (the same) upstream calls
itself dnscrypt-proxy v2 - it's, for all that matters, a major version
bump with breaking changes and an awful deprecation path.

> ... but when it shares the same
> code, repository and configs and it's named securedns-proxy it will be totally
> different.

IMO, if this was a new program officially called securedns-proxy, on a
different upstream URL, then yes - that'd be a new package.

>>
>> Yes, that means the package in [community] is out-of-date, and no, your
>>
>> involvement with upstream doesn't matter.
> 
> I'm not the package owner.
> 
>>
>> Regards, Rob
> 
> 
>  The point is that the community package which doesn't build manually and
> point to nonexistent sources is the one which should be deleted instead of
> the one from AUR. If you prefer that upstream Archlinux instructions will look
> the same as those for Ubuntu/Debian[*] then it will be done but it would  mean
> that Archlinux project in current form is a joke and you role in it isn't 
> worth a
> dime.

The package in [community] will be updated soon.

> 
> [*] "Do not install the dnscrypt-proxy distribution package, as it is old, 
> and unsupported."
> https://github.com/jedisct1/dnscrypt-proxy/wiki/Installation-Debian-Ubuntu
> ​Jordan
> 

Regards, Rob



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] [PRQ#11055] Deletion Request for dnscrypt-proxy-go | [PRQ#11056] Deletion Request for dnscrypt-proxy-go-git

[Robin Broda via aur-general]

On 04/04/2018 02:41 PM, Jordan Glover via aur-general wrote:
> Can we get more explanation for this? This isn't a version bump. This project
> was rewritten from scratch, the old sources are gone. The PKGBUILD was written
> from scratch, packagement solutions were upstreamed[1]. Upstream points
> specifically to this package[2]. Archlinux repo maintainer wasn't involved at
> all with those and there is no info if he's interested in maintaining the new
> v2 version.
> 
> [1] 
> https://github.com/jedisct1/dnscrypt-proxy/commit/fa2c95084ef9b575bfbe62543e0765623c9b8a0e
> [2] https://github.com/jedisct1/dnscrypt-proxy/wiki/Installation-ArchLinux
> 
> ​Jordan
> 

It's got the same name, is written by the same author, and the versions
begin at 2.0.0. Fwiw this is just a major version bump of the same
package - it doesn't really matter what percentage of it has changed
since the last version.
Yes, that means the package in [community] is out-of-date, and no, your
involvement with upstream doesn't matter.

Regards, Rob



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU Application - Robin Broda

[Robin Broda via aur-general]

On 03/05/2018 05:27 PM, Levente Polyak via aur-general wrote:

> On 03/05/2018 05:20 PM, Robin Broda via aur-general wrote:
>> On 03/05/2018 05:11 PM, Levente Polyak via aur-general wrote:
>>
>>> On 03/02/2018 08:09 PM, Robin Broda via aur-general wrote:
>>>> [...] 
>>> You're welcome.
>>>
>>>
>>> BTW: How are you tracking upstream updated so you can bump your packages
>>>  before someone flags them?
>>>
>>> cheers,
>>> Levente
>>>
>> The ones i've submitted the patches to notified me via email on
>> merge/activity (GitHub default),
>> and my current non-vcs packages don't update very frequently - so beyond
>> occasionally checking
>> upstream, i'm not doing anything special yet.
>>
>> Regards,
>> Rob
>>
>
> Hey Rob,
>
> ah I see... thanks for the fast handling of my feedback :P
>
> I would recommend taking a look at a way to track upstreams for release
> tarballs/tags beyond that...

I've already looked into doing that in the future when maintaining
active non-vcs packages.


> there is a big amount of tools to achieve this (trying not to turn this
> thread into an advertisement-repy-war so not mentioning any).

For most software, curl & git will probably suffice i think.


> For projects hosted on git i find it handy to have some of them
> observing 'git ls-remote --tags https://someurl.foo/project.git'.
>
>
> I recommand having something in place to track maintained packages.
>
> cheers,
> Levente

Oh yeah definitely.

Regards,
Rob



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU Application - Robin Broda

[Robin Broda via aur-general]

On 03/05/2018 05:11 PM, Levente Polyak via aur-general wrote:

> On 03/02/2018 08:09 PM, Robin Broda via aur-general wrote:
>> On 03/02/2018 06:17 PM, Levente Polyak via aur-general wrote:
>>> find some notes related to your packages:
>>>
>>> [...]
>>>
>> Thanks for the feedback!
>>
>> Regards,
>> Rob
>>
> You're welcome.
>
>
> BTW: How are you tracking upstream updated so you can bump your packages
>  before someone flags them?
>
> cheers,
> Levente
>
The ones i've submitted the patches to notified me via email on
merge/activity (GitHub default),
and my current non-vcs packages don't update very frequently - so beyond
occasionally checking
upstream, i'm not doing anything special yet.

Regards,
Rob



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU Application - Robin Broda

[Robin Broda via aur-general]

On 03/04/2018 03:02 PM, Eli Schwartz via aur-general wrote:

> On 03/03/2018 05:50 PM, Nico via aur-general wrote:
>>> After becoming a TU, I'd like to look into promoting a couple of
>>> packages from the AUR over time, including but not limited to
>>> `rutorrent`, `psensor`, `glava` (currently `glava-git`, waiting for
>>> tagged releases), `gtkhash`, `streem`, & `polybar` - assuming that no
>>> issues preventing the packaging (& inclusion in the repos) turn up and
>>> the popularity/votes are high enough to warrant inclusion.
>> I might be wrong, but dont we require to have at least 10 votes on AUR
>> to move a package to [community]? In this case none of your packges has
>> more than 6 votes at the time of writing this. There is also a rule
>> about >=1% popularity on pkgstats, but it seems every package has at
>> least 1%? Or does this TU application count as a proposol on which 3 TUs
>> must aggree?
> Okay?
>
> rutorrent -- 126 votes
> psensor -- 89 votes
> gtkhash -- 49 votes
> polybar -- 87 votes
>
> Yes, streem has only 1 vote, while glava-git has only 6 + no actual
> stable releases... but it was also only recently uploaded and that might
> easily change, besides which coderobe did say "and the popularity/votes
> are high enough to warrant inclusion."
I am assuming the popularity of these packages is going to rise.
The newcomer glava-git alone got most of its popularity last week iirc,
and i'm expecting more over the next couple as development continues &
awareness increases. I definitely don't plan to publish unused/unpopular
packages to [community].

>
> We will most likely not be blitzed by a series of unpopular fringe-use
> packages. :p
>
>> In this case none of your packges has more than 6 votes at the time of
>> writing this.
> It sort of feels like you are incredibly focused on the packages that he
> has stated a desire to see in [community], which intersect with the
> packages which he personally maintains, to the exclusion of the rest...
Right. I don't plan to promote any of my AUR packages without reason.


Regards,
Rob



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU Application - Robin Broda

[Robin Broda via aur-general]

On 03/02/2018 06:17 PM, Levente Polyak via aur-general wrote:

> On 03/02/2018 05:16 PM, Robin Broda via aur-general wrote:
>> Hello,
>>
>> I'm Robin 'coderobe' Broda, born in '99, and I'm writing to become a
>> Trusted User.
> Hi Robin,
>
> good luck.
Thanks!
> You can already start helping with reproducible build stuff,
> feel free to ask for advice in #archlinux-reproducible we have toolchain
> to be extended and bugs filed against upstream.
>
> find some notes related to your packages:
>
> streem + streem-git
> - They don't honor existing CFLAGS and LDFLAGS (later at all).
>   For now, you can fix both with a small sed command but i recommend
>   bringing this issue upstream as a easy PR.
>   Always checking for respect of those flags is important.
Fixed & patch submitted upstream.
> - If you touch the Makefile anyway maybe a install target with
>   respecting PREFIX and DESTDIR would make sense.
I'm considering it. Right now there's no install target at all, and i
don't think the maintainer has an idea about which files to install and
where even. I'll keep an eye on further development either way and i'll
submit a patch should a future install target not respect PREFIX and/or
DESTDIR.
> indicator-sysmonitor
> - 80.patch is not a unique file name per se, this is important for
>   shared srcdir setups. a prefix using the $pkgname should be better.
Good point. Done.
> - /usr/bin/indicator-sysmonitor invokes stuff and imports py files
>   provided in usr/lib. This can result in untracked file creations
>   if the application is run as root. cache files should be created
>   before packaging, but this should also be possible solved upstream
>   for the make install call
I'm not really sure how to fix that, i'm not that familiar with python
and its cache generation.
> - sysmonitor-budgie-git and sysmonitor-appindicator-git should
>   also provide their own non-git variants to possibly satisfy
>   sysmonitor-budgie or sysmonitor-appindicator instead of the
>   general shared indicator-sysmonitor provides.
> - just style, but in package() instead of pkgdesc="${pkgdesc}
>   you can also simply use pkgdesc+="
Fixed!
> glava
> - seems to work/build just fine with non-git glfw-x11, is the -git
>   required?
You're right. I was under the impression glava used a couple of features
that weren't yet included in the release build. Fixed.
> - LDFLAGS is not properly handled in Makefile leading to non -znow
>   (and other flags) linking. should be temporarily fixed in PKGBUILD
>   and possibly a patch submited upstream.
Fixed & submitted a patch.
> daemontools-encore
> - quite weird Makefile with their conf-cc and print-cc.sh calls,
>   anyway does not respect CFLAGS and LDFLAGS at all. should be fixed.
After figuring out the flow i've added two patches to the package that
address this.
>   This Makefile made me giggle :D
Yeah their "build system" certainly is uh, special - to say the least.

> cheers,
> Levente
Thanks for the feedback!

Regards,
Rob



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU Application - Robin Broda

[Robin Broda via aur-general]

Interestingly enough, the signature went bad after transit.
This message should verify fine.

Regards,
Rob

On 03/02/2018 05:16 PM, Robin Broda via aur-general wrote:
> Hello,
>
> I'm Robin 'coderobe' Broda, born in '99, and I'm writing to become a
> Trusted User.
> I've been an Arch user since ~2014, using it on several devices
> including most of my servers. I'm more or less active on IRC, very
> interested in open-source development[0], federated networks, &
> reproducible builds - and would like to increase the amount of
> reproducible packages in Arch.
> I maintain a couple of PKGBUILDs in the AUR and I'm looking to adopt
> more[2].
>
> Eli Schwartz has agreed to sponsor my application.
>
> After becoming a TU, I'd like to look into promoting a couple of
> packages from the AUR over time, including but not limited to
> `rutorrent`, `psensor`, `glava` (currently `glava-git`, waiting for
> tagged releases), `gtkhash`, `streem`, & `polybar` - assuming that no
> issues preventing the packaging (& inclusion in the repos) turn up and
> the popularity/votes are high enough to warrant inclusion.
> I would also like to potentially tackle some of the TODOs[1].
> As mentioned earlier, I also plan to look into reproducibility issues
> and improving the infrastructure around reproducible builds (and the
> verification thereof).
>
> I'm available on IRC with the username 'coderobe' (Freenode), on
> Matrix[3] (@coderobe:cdr.li), and via e-mail - should you have questions
> about anything. My timezone is UTC+1.
>
> Thank you for considering.
>
> Regards,
> Rob
>
> [0] https://github.com/coderobe
> [1] https://www.archlinux.org/todo/
> [2]
> https://aur.archlinux.org/packages/?O=0=M=coderobe==n=a=50_Search=Go
> [3] https://matrix.org/
>
>




signature.asc
Description: OpenPGP digital signature

[aur-general] TU Application - Robin Broda

[Robin Broda via aur-general]

Hello,

I'm Robin 'coderobe' Broda, born in '99, and I'm writing to become a
Trusted User.
I've been an Arch user since ~2014, using it on several devices
including most of my servers. I'm more or less active on IRC, very
interested in open-source development[0], federated networks, &
reproducible builds - and would like to increase the amount of
reproducible packages in Arch.
I maintain a couple of PKGBUILDs in the AUR and I'm looking to adopt
more[2].

Eli Schwartz has agreed to sponsor my application.

After becoming a TU, I'd like to look into promoting a couple of
packages from the AUR over time, including but not limited to
`rutorrent`, `psensor`, `glava` (currently `glava-git`, waiting for
tagged releases), `gtkhash`, `streem`, & `polybar` - assuming that no
issues preventing the packaging (& inclusion in the repos) turn up and
the popularity/votes are high enough to warrant inclusion.
I would also like to potentially tackle some of the TODOs[1].
As mentioned earlier, I also plan to look into reproducibility issues
and improving the infrastructure around reproducible builds (and the
verification thereof).

I'm available on IRC with the username 'coderobe' (Freenode), on
Matrix[3] (@coderobe:cdr.li), and via e-mail - should you have questions
about anything. My timezone is UTC+1.

Thank you for considering.

Regards,
Rob

[0] https://github.com/coderobe
[1] https://www.archlinux.org/todo/
[2]
https://aur.archlinux.org/packages/?O=0=M=coderobe==n=a=50_Search=Go
[3] https://matrix.org/




signature.asc
Description: OpenPGP digital signature

Re: [aur-general] PKGBUILD depends() question

[Robin Broda via aur-general]

Try to figure out what upstream lists as dependencies, & check against 
namcap[1]


[1] - https://wiki.archlinux.org/index.php/Namcap#Dependencies

- Rob

On 02/19/2018 05:08 AM, Future Trailer via aur-general wrote:

When creating PKGBUILD how can I find the dependency of a package to fill
the depends() array? Many thanks to your help.