Re: [aur-general] TU application: Ivy Foster

[Ivy Foster]

On 10 Feb 2018, at  1:02  +0100, Alad Wenter via aur-general wrote:
> the proposal has been accepted. Congratulations!

Awesome! Thanks, y'all.

Ivy


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Eli Schwartz via aur-general]

On 02/09/2018 07:02 PM, Alad Wenter via aur-general wrote:
> On Sat, Feb 03, 2018 at 12:12:44AM +0100, Alad Wenter via aur-general wrote:
>> On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
>>> On 26 Jan 2018, at 10:31  +0100, Alad Wenter via aur-general wrote:
 Note: If possible please add a short reply with a GPG signature.
>>>
>>> My mistake! Here's my official, signed reply.
>>>
>> The discussion period is over. Let the votes begin!
>>
>> https://aur.archlinux.org/tu/?id=103
>>
> The voting period has ended, with the following results:
> 
> Yes:33
> No: 3
> Abstain:3
> Total:  39
> 
> As such, the proposal has been accepted. Congratulations!
> 
> Alad
> 

Congrats, welcome to the team! :)

-- 
Eli Schwartz
Bug Wrangler and Trusted User



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU application: Ivy Foster

[Baptiste Jonglez]

On 10-02-18, Alad Wenter via aur-general wrote:
> On Sat, Feb 03, 2018 at 12:12:44AM +0100, Alad Wenter via aur-general wrote:
> > On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
> > > On 26 Jan 2018, at 10:31  +0100, Alad Wenter via aur-general wrote:
> > > > Note: If possible please add a short reply with a GPG signature.
> > > 
> > > My mistake! Here's my official, signed reply.
> > > 
> > The discussion period is over. Let the votes begin!
> > 
> > https://aur.archlinux.org/tu/?id=103
> >
> The voting period has ended, with the following results:
> 
> Yes:33
> No: 3
> Abstain:3
> Total:  39
> 
> As such, the proposal has been accepted. Congratulations!

Congrats, and welcome to the team!

Baptiste


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Alad Wenter via aur-general]

On Sat, Feb 03, 2018 at 12:12:44AM +0100, Alad Wenter via aur-general wrote:
> On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
> > On 26 Jan 2018, at 10:31  +0100, Alad Wenter via aur-general wrote:
> > > Note: If possible please add a short reply with a GPG signature.
> > 
> > My mistake! Here's my official, signed reply.
> > 
> The discussion period is over. Let the votes begin!
> 
> https://aur.archlinux.org/tu/?id=103
>
The voting period has ended, with the following results:

Yes:33
No: 3
Abstain:3
Total:  39

As such, the proposal has been accepted. Congratulations!

Alad


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Levente Polyak via aur-general]

On February 2, 2018 12:40:57 AM GMT+01:00, Ivy Foster  wrote:
>
>For cgo, since upstream pulled in the patches I submitted, LDFLAGS are
>properly picked up and we have full relro.
>
>libbulletml was a bit tougher. I wound up throwing out Debian's
>patches to upstream's Makefile and just rewriting the Makefile from
>scratch. Hopefully either Debian or the dev will be interested in
>accepting the new Makefile; until word comes back, it's [in the AUR
>git repo][1]. This also grants full relro.
>


Awesome, thanks for upstreaming the problems :)

Re: [aur-general] TU application: Ivy Foster

[Alad Wenter via aur-general]

On Fri, Jan 26, 2018 at 03:53:07PM -0600, Ivy Foster wrote:
> On 26 Jan 2018, at 10:31  +0100, Alad Wenter via aur-general wrote:
> > Note: If possible please add a short reply with a GPG signature.
> 
> My mistake! Here's my official, signed reply.
> 
The discussion period is over. Let the votes begin!

https://aur.archlinux.org/tu/?id=103


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Ivy Foster]

On 01 Feb 2018, at  8:29  +0100, Levente Polyak via aur-general wrote:
> On January 30, 2018 11:37:42 PM GMT+01:00, Ivy Foster  
> wrote:
> >I'll have some time free tomorrow to get you a proper answer and/or
> >fix; for now, I'm just letting you know I got your email!

> Hey, any news from respecting LDFLAGS and if needed just purge parts of it? 
> I'm specially interested in seeing full relro.

Hey, Levente. Sorry for the delay!

For cgo, since upstream pulled in the patches I submitted, LDFLAGS are
properly picked up and we have full relro.

libbulletml was a bit tougher. I wound up throwing out Debian's
patches to upstream's Makefile and just rewriting the Makefile from
scratch. Hopefully either Debian or the dev will be interested in
accepting the new Makefile; until word comes back, it's [in the AUR
git repo][1]. This also grants full relro.

I've yet to run checksec on my other packages, but intend to do so.
I'm not sure yet what to do about some of its feedback, notably
thinking that some binaries aren't ELF files (so no PIE feedback
given) or the number of unfortified...things.

Thanks again for your feedback!

Ivy

[1]: https://aur.archlinux.org/cgit/aur.git/tree/?h=libbulletml


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Levente Polyak via aur-general]

On January 30, 2018 11:37:42 PM GMT+01:00, Ivy Foster  wrote:
>I'll have some time free tomorrow to get you a proper answer and/or
>fix; for now, I'm just letting you know I got your email!


Hey, any news from respecting LDFLAGS and if needed just purge parts of it? 
I'm specially interested in seeing full relro.

Cheers,
Levente 

Re: [aur-general] TU application: Ivy Foster

[Ivy Foster]

On 28 Jan 2018, at  9:33  +0100, Levente Polyak via aur-general wrote:
> Hey, good luck and such

Thanks!

> Just noticed [some interesting points]

I'll have some time free tomorrow to get you a proper answer and/or
fix; for now, I'm just letting you know I got your email!

Thanks,
Ivy

Re: [aur-general] TU application: Ivy Foster

[Levente Polyak via aur-general]

Hey, good luck and such

Just noticed there are packages that don't properly LDFLAGS resulting in
binaries without full RELRO.
Its good to always checksec the binaries once creating or adopting a new
package and see if everything was setup properly to respect hardening
and other flags like generic archs.
namcap will have such feature soonish

Everything else i had on my list was already mentioned by Eli.

libbulletml:
- whats up with LDFLAGS from makepkg.conf? like -znow?
  if there are options that don't work its better to remove them
  from makepkg.conf LDFLAGS but always use the variable

cgo-git:
- does not respect LDFLAGS leading to a binary without full relro

cheers,
Levente

Re: [aur-general] TU application: Ivy Foster

[Ivy Foster]

On 27 Jan 2018, at 10:40  +0100, Christian Rebischke via aur-general wrote:
> On Fri, Jan 26, 2018 at 03:23:08PM -0600, Ivy Foster wrote:
> Hello Ivy,
> Do you plan to adopt some orphans as well?

Definitely!

Quickly scanning through the list, a few stand out to me...though they
generally don't look as though they need updates right away.

- bmake
- cd-discid (if I were to crab this one, I'd probably also take
cddb_get, even though I've had little luck with cddb results)
- ispell
- libcdaudio
- unicode-character-database

Beyond that, I'd say "sure, if it looks interesting or necessary" and
"I can at least update and then re-orphan this thing I don't use".

iff

Re: [aur-general] TU application: Ivy Foster

[Christian Rebischke via aur-general]

On Fri, Jan 26, 2018 at 03:23:08PM -0600, Ivy Foster wrote:
> # Packages
> [..]

Hello Ivy,
Do you plan to adopt some orphans as well?

chris


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Ivy Foster]

On 26 Jan 2018, at  4:35  -0500, Eli Schwartz via aur-general wrote:
> On 01/26/2018 04:23 PM, Ivy Foster wrote:
> > I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to
> > be my sponsor.

> It is great to see you take the plunge, I wish you the best of luck!

Thanks!

> > Arch has always been a rewarding community to contribute to, and I
> > figure that maintaining some packages and generally helping out could
> > be a good way to contribute a bit more.
> > 
> > If accepted to be a TU, my plan of action is as follows:
> > 1. Go mad with power^U
> > 1. Bring a handful of packages into [community] (see below)
> > 2. Help out with rebuilds and package updates where that does not
> > involve stepping on toes
> > 3. Continue to submit occasional patches to Arch projects
> > 4. Help with to-do lists. [...]

> Sounds like a (wo)man after my own heart!

Woman, and glad to hear it!

> This reminds me I still have so much to do... like all that https/gpg stuff.

There's always more to do, I guess.

> > Thanks for your consideration, and I'm of course happy to answer
> > questions and address critiques.

> But overall, quite good!

Thanks!

> > - ledger
> > This program is super useful, and I doubt I'm the only one who
> > dreads every boost update because this takes so long to build!

> Lukas has beaten you to it: https://packages.archlinux.org/ledger

I replied to this elsewhere already, but that's great news (-: . In
related news, I've [poked upstream][1] to see about a new release, since
there's been a year's worth of bugfixes! They're into it.

# Critiques & Responses

> We discussed this on IRC already, I'll have to check and see how you've
> adapted to my suggestions.

I've addressed most of them; see responses inline. Of course,
onlookers should judge each fix to make sure it's not a "fix" instead.

## cgo-git

> 2018-01-25 07:07:51 PMguysI noticed something immediately, 
> cgo-git has
> a custom:cgo-git license, but it is really an ISC license.
> 2018-01-25 07:08:15 PMguysAnd it installs the whole source code in
> /usr/share/licenses/ instead of using sed to extract it or something. :p
> 2018-01-25 07:09:25 PMguysI'd just extract the first few lines 
> using
> sed, until I hit the first  */ and call it a day

I've changed the license to ISC and used sed to extract the license
from the source. I've also [submitted a patch upstream][2] creating a
separate LICENSE file.

> 2018-01-25 07:11:25 PMguysAlso, the upstream Makefile is terrible 
> and
> should use CFLAGS properly :p
> 2018-01-25 07:12:27 PMguysI want pull requests to fix this :p

[Pull request submitted][3].

> 2018-01-25 07:14:28 PMguysfist, should be upgraded to use HTTPS 
> since
> their website upgrades you anyway

[Done][4].

## frotz-dumb-git / frotz-ncurses-git

> 2018-01-25 07:27:55 PMguysfrotz-git conflicts and *replaces* 
> frotz,
> which is wrong, it should provide it instead
> 2018-01-25 07:28:23 PMguysreplaces means that if you pacman -Syu 
> and
> find it in a repo, it gets synced as a replacement for what you
> currently have...

> 2018-01-25 07:29:11 PMguysI can hardly read the sed line you use 
> in
> pkgver()
> 2018-01-25 07:29:22 PMguyssed 's,-\(.*\)-,.r\1.,'
> 2018-01-25 07:29:30 PMguyswrong place to use , as separators!
> 2018-01-25 07:33:03 PMguysBut anyway, to modify 2.44-196-gf3ceac9
> could just use the standard sed line from the wiki page
> 2018-01-25 07:34:05 PMescondida   that one *I* can hardly read (-:

> 2018-01-25 07:35:48 PMguysUse of sed to modify more than three 
> things
> in prepare should be strictly prohibited; use a patch file

[All fixed][5]. I still refuse to use the sed line from the wiki page,
because I'm a big weirdo.

## libbulletml & rrootage

> 2018-01-25 07:39:48 PMguys> # upstream does not provide checksums,
> though Debian does for their patches
> 2018-01-25 07:40:04 PMguysThis is not a reason to disable checks 
> for
> download errors.

I've [added checksums][6], along with a note not to place too much
trust in them since they're mine and not the developer's.

> 2018-01-25 07:41:09 PMguysWhy does libbulletml.so need to modify
> CFLAGS CXXFLAGS :(
> 2018-01-25 07:41:21 PMguysAnd why does it overwrite LDFLAGS, 
> instead?
> 2018-01-25 07:41:41 PMguysDoes it derp on the LDFLAGS from 
> makepkg.conf?
> 2018-01-25 07:42:17 PMguysWhy does it create libbulletml.a 
> anyway, if
> makepkg automatically strips staticlibs?

This library's build process is simply bizarre. I've left the build as
is, since that seems to be what it takes to get it to, well, build.

> 2018-01-25 07:51:23 PMguysrrootage: the pkgdesc is 
> self-referential,
> remove the first two words
> 2018-01-25 07:52:12 PMguysAnd it downloads from
> 

Re: [aur-general] TU application: Ivy Foster

[Pierre Neidhardt via aur-general]

Thank you Ivy for this excellent list of applications, one of the best
I've seen in a while! :)

-- 
Pierre Neidhardt

I'd rather just believe that it's done by little elves running around.


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Andrew Crerar]

On 1/26/18 4:23 PM, Ivy Foster wrote:
> Hi, folks,
> 
Hi!

> I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to
> be my sponsor.
> > I've been an Arch user for the last 10 years or so. Some of you may
> know me from IRC or the forums, where I use the nick escondida.
> Lately, I've been much less active on IRC, but have contributed a
> handful of patches to pacman. I also maintain [a few buildscripts][1]
> in the AUR.
> 
> Arch has always been a rewarding community to contribute to, and I
> figure that maintaining some packages and generally helping out could
> be a good way to contribute a bit more.
> 
> If accepted to be a TU, my plan of action is as follows:
> 1. Go mad with power^U
> 1. Bring a handful of packages into [community] (see below)
> 2. Help out with rebuilds and package updates where that does not
>   involve stepping on toes
> 3. Continue to submit occasional patches to Arch projects
> 4. Help with to-do lists. Off the top of my head, taking a quick look
>   at current to-do lists with actual outstanding items:
> 
>   
> https://www.archlinux.org/todo/packages-with-out-of-repositories-dependencies/
>   I'd be interested both in simply weeding out those
>   with inappropriate deps and in bringing in deps I'd
>   consider actually useful, such as tcllib for tcl-remind.
> 
>   https://www.archlinux.org/todo/source-retirement/
>   https://www.archlinux.org/todo/codegooglecom-retirement/
>   I wouldn't mind tracking down lost sources.
> 
Yesss!

> Thanks for your consideration, and I'm of course happy to answer
> questions and address critiques.
> 
> Cheers,
> Ivy "escondida" Foster
> 
> # Packages
> 
> If I'm accepted, there are a handful of packages I already have in
> mind to bring to the repos:
> 
> - [bemenu][2]
>   Though dmenu is already available, bemenu is a solid
>   alternative for X, Wayland or terminals.
> 
> - [farbfeld][3]
>   An oddball but interesting new image format
> 
> - [frotz][4]
>   I don't know about you guys, but I think that text adventures
>   are positively xyzzy.
> 
> - [ledger][5]
>   This program is super useful, and I doubt I'm the only one who
>   dreads every boost update because this takes so long to build!
> 
> - [muttprint][6]
>   I don't always print emails, but when I do, I use muttprint.
> 
> - [opendoas][7]
>   OpenBSD's much simpler alternative to sudo is now available
>   for Linux.
> 
> - [physlock][8]
>   A tty screen locker
> 
> - [sndio][9]
>   OpenBSD's excellent and simple sound system is now available
>   as a userspace daemon for Linux, and a surprising number of
>   things can build against it easily.
> 
>   Note that if I did bring this in, I wouldn't be including my
>   very basic XDG basedir patch (see AUR scripts). I'm going to
>   try and submit a better one upstream, and if that fails,
>   then...oh, well, I guess.
> 
> - [t-prot][10]
>   It's just a simple script, but as a mutt user, it comes very
>   much in handy for making many emails more legible.
> 
> - [translate-shell][11]
>   Very useful for simplifying or scripting translation tasks
>   (not that you should be counting on google translate to handle
>   anything longer than a few words, but still)
> 
> - [xurls][12]
>   Saves you the trouble of parsing strings to find links
> 
> # Links
> 
> [1]: https://aur.archlinux.org/packages/?SeB=m=escondida
> [2]: https://github.com/Cloudef/bemenu
> [3]: https://tools.suckless.org/farbfeld/
> [4]: http://frotz.sourceforge.net/
> [5]: https://www.ledger-cli.org
> [6]: http://muttprint.sourceforge.net/
> [7]: https://github.com/Duncaen/OpenDoas
> [8]: https://github.com/muennich/physlock
> [9]: http://www.sndio.org/
> [10]: http://www.escape.de/~tolot/mutt/
> [11]: https://www.soimort.org/translate-shell/
> [12]: https://github.com/mvdan/xurls
> 

Awesome! Well, best of luck, I think you'll make a great addition :)

Regards,

Andrew



signature.asc
Description: OpenPGP digital signature

Re: [aur-general] TU application: Ivy Foster

[Johannes Löthberg via aur-general]

Hey,

Quoting Ivy Foster (2018-01-26 22:23:08)
> Hi, folks,
> 
> I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to
> be my sponsor.
> 

Don't really have anything to say other than "Awesome!"

-- 
Sincerely,
  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  PGP Key FP: 5134 EF9E AF65 F95B 6BB1  608E 50FB 9B27 3A9D 0BB5
  https://theos.kyriasis.com/~kyrias/


signature.asc
Description: signature

Re: [aur-general] TU application: Ivy Foster

[Ivy Foster]

On 26 Jan 2018, at 10:31  +0100, Alad Wenter via aur-general wrote:
> Note: If possible please add a short reply with a GPG signature.

My mistake! Here's my official, signed reply.

Eli Schwartz wrote:
> Lukas has beaten you to it: https://packages.archlinux.org/ledger

That is excellent news!

Thanks,
Ivy

signature.asc
Description: PGP signature

Re: [aur-general] TU application: Ivy Foster

[Eli Schwartz via aur-general]

On 01/26/2018 04:23 PM, Ivy Foster wrote:
> Hi, folks,
> 
> I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to
> be my sponsor.

It is great to see you take the plunge, I wish you the best of luck!

> Arch has always been a rewarding community to contribute to, and I
> figure that maintaining some packages and generally helping out could
> be a good way to contribute a bit more.
> 
> If accepted to be a TU, my plan of action is as follows:
> 1. Go mad with power^U
> 1. Bring a handful of packages into [community] (see below)
> 2. Help out with rebuilds and package updates where that does not
>   involve stepping on toes
> 3. Continue to submit occasional patches to Arch projects
> 4. Help with to-do lists. Off the top of my head, taking a quick look
>   at current to-do lists with actual outstanding items:
> 
>   
> https://www.archlinux.org/todo/packages-with-out-of-repositories-dependencies/
>   I'd be interested both in simply weeding out those
>   with inappropriate deps and in bringing in deps I'd
>   consider actually useful, such as tcllib for tcl-remind.
> 
>   https://www.archlinux.org/todo/source-retirement/
>   https://www.archlinux.org/todo/codegooglecom-retirement/
>   I wouldn't mind tracking down lost sources.

Sounds like a (wo)man after my own heart! This reminds me I still have
so much to do... like all that https/gpg stuff.
I will welcome the help, certainly. ;)

> Thanks for your consideration, and I'm of course happy to answer
> questions and address critiques.

We discussed this on IRC already, I'll have to check and see how you've
adapted to my suggestions.

But overall, quite good!

Detailed review at the end...


> - [ledger][5]
>   This program is super useful, and I doubt I'm the only one who
>   dreads every boost update because this takes so long to build!

Lukas has beaten you to it: https://packages.archlinux.org/ledger

-- 
Eli Schwartz
Bug Wrangler and Trusted User


...

2018-01-25 07:05:26 PM  guysescondida: I heard the news, good for you!
2018-01-25 07:06:48 PM  escondida   guys: haha, well, nothing's official
yet. Still gotta actually, like apply (-:
2018-01-25 07:06:50 PM  escondida   But thanks!
2018-01-25 07:06:52 PM  escondida   How're you?
2018-01-25 07:07:11 PM  guysDoing well
2018-01-25 07:07:27 PM  guysI cloned your AUR packages and am going to
look through them.
2018-01-25 07:07:51 PM  guysI noticed something immediately, cgo-git has
a custom:cgo-git license, but it is really an ISC license.
2018-01-25 07:08:15 PM  guysAnd it installs the whole source code in
/usr/share/licenses/ instead of using sed to extract it or something. :p
2018-01-25 07:09:25 PM  guysI'd just extract the first few lines using
sed, until I hit the first  */ and call it a day
2018-01-25 07:11:05 PM  escondida   Seems like a good solution
2018-01-25 07:11:25 PM  guysAlso, the upstream Makefile is terrible and
should use CFLAGS properly :p
2018-01-25 07:11:36 PM  escondida   Yup
2018-01-25 07:12:27 PM  guysI want pull requests to fix this :p
2018-01-25 07:12:43 PM  escondida   Yeah, I should really do that
2018-01-25 07:13:09 PM  escondida   The main reason I haven't is that I
haven't actually *used* cgo-git much at all since the day I installed
it; I just wanted a gopher client around on principle
2018-01-25 07:13:20 PM  guyshah
2018-01-25 07:14:13 PM  fsckd   wait? did escondida actually apply or is
this just info. moving along the grapevine?
2018-01-25 07:14:28 PM  guysfist, should be upgraded to use HTTPS since
their website upgrades you anyway
2018-01-25 07:14:50 PM  guysfsckd: not yet, but we of the secret towers
get advance warning!
2018-01-25 07:15:23 PM  fsckd   cool!
2018-01-25 07:16:41 PM  escondida   Haha, I'm glad they upgraded to https!
It still amazes me that the program is still floating around at all
2018-01-25 07:16:51 PM  guysOh this is terrible, fist sets
mandir=$prefix/man instead of $prefix/share/man
2018-01-25 07:16:57 PM  @jasonwryan escondida: I use cgo-git, it works 
great!
2018-01-25 07:17:01 PM  escondida   yus
2018-01-25 07:18:20 PM  fsckd   jasonwryan: your gopher site is rather...
bare... :P
2018-01-25 07:18:40 PM  @jasonwryan fsckd: work in progress :p
2018-01-25 07:18:48 PM  guys`INSTALL_PROGRAM='install -D' *might* make
fist not need to have all directories created beforehand.
2018-01-25 07:18:56 PM  @jasonwryan well, stalled wip maybe a better
description
2018-01-25 07:20:03 PM  fsckd   jasonwryan: what do you use for a server?
2018-01-25 07:20:49 PM  fsckd   when i finally get my site up. i may
consider making a gopher mirror.
2018-01-25 07:20:50 PM  guysescondida: no, sadly that will not work as
this Makefile contains freaking dependencies on $(BINDIR)
2018-01-25 07:20:56 PM  escondida   guys: That is clever, but I usually try
to avoid weird 

Re: [aur-general] TU application: Ivy Foster

[Alad Wenter via aur-general]

On Fri, Jan 26, 2018 at 03:23:08PM -0600, Ivy Foster wrote:
> Hi, folks,
> 
> I'm writing to apply to be a TU, and Alad Wenter has kindly agreed to
> be my sponsor.
> 
I hereby confirm my sponsorship.

Note: If possible please add a short reply with a GPG signature.
Thanks!

Alad


signature.asc
Description: PGP signature