Re: [aur-general] TU resignation

[Morten Linderud via aur-general]

On Sun, Dec 20, 2020 at 03:17:12PM +0100, Baptiste Jonglez wrote:
> Hi,
> 
> I have been less active in Arch for some time.  I'm involved in many other
> projects that end up taking lots of time, and as a result I don't have the
> required time / energy / interest for Arch anymore.  When my last Arch
> machine died recently after 10 years of loyal Arch service, it was a good
> sign that I should make this official.
> 
> With that being said, I am resigning as a TU.  I've had some, let's say,
> "disagreements" with a few members of the team over the years, but overall
> it was a positive experience.  Keep up the good work, and take care of
> this delicate balance between technical excellence and community-minded
> approach.

Thanks for the work over the years :)! Hopefully we'll see you around if you end
up resurrecting the Arch machine of yours :D

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application - orhun

[Morten Linderud via aur-general]

On Sat, Dec 12, 2020 at 08:03:45PM +0300, orhun via aur-general wrote:
> Dear Arch Linux Trusted Users & Developers,

Yo!

> The intent of this mail is to apply for the role of Trusted User with the
> confirmation/sponsorship of Sven-Hendrik Haase and Levente Polyak.

Good luck with the application.

> HOW CAN I HELP?
> 
> I'm aiming to turn my motivation and enthusiasm in regards to the Arch
> Linux project into professional and valuable contributions since I
> learn fast and adapt to the changes quickly. My first step towards
> that goal was to start maintaining packages in AUR and I still do due
> to the fact that I feel like I should somehow give back to the
> community. I think the packaging is an interesting topic and I'm
> experiencing/learning new things by doing it. As for now, my
> purpose is to adopt/maintain Rust, Go, C, and Python packages in the
> community repository, move some of my favorite packages about
> networking like gping [10] and ali [11] to there and help with the tooling
> of reproducible builds.

Both ali and gping are packages with limited use (the projects and packages are
months old). Are there any packages you intend to help co-maintain in the
repositories? Any orphaned packages in the repositories that would be of
interest?

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application - rgacogne

[Morten Linderud via aur-general]

On Sun, Nov 29, 2020 at 12:55:21AM +0100, Morten Linderud wrote:
> Hi everyone!
> 
> A little bit overdue but the discussion period is over. I apologize for 
> missing
> the deadline by a day.
> 
> 
> I have started the voting
> https://aur.archlinux.org/tu/?id=126

The voting has ended and the results are in:

Yes No  Abstain Total   Voted   Participation
43  1   4   48  Yes 84.21%

Congratulations Remi! Welcome to the Trusted User team :)

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application - rgacogne

[Morten Linderud via aur-general]

Hi everyone!

A little bit overdue but the discussion period is over. I apologize for missing
the deadline by a day.


I have started the voting
https://aur.archlinux.org/tu/?id=126

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU removal: Evgeniy 'arcanis' Alekseev

[Morten Linderud via aur-general]

The vote are in and the results:

Yes: 43
No: 2
Abstain: 6
Total: 51 
Participation: 87.93%

The quorum of 66% has been reached with a larger number of "Yes", than "No"
votes.

This means Evgeniy Alekseev is no longer a Trusted User.

On behalf of the Arch team I would like to thank Evgeniy for the work he has 
done
towards the distribtuion the past years!

I will do a follow-up email to [arch-dev-public] with package adoption and 
resigning.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application - rgacogne

[Morten Linderud via aur-general]

On Fri, Nov 13, 2020 at 08:52:37AM +0100, Remi Gacogne via aur-general wrote:
> Hello everyone,
> 
> My name is Remi Gacogne, and I hereby apply to join the Trusted Users
> team, kindly sponsored by Levente Polyak and Morten Linderud.

I confirm my sponsorship of Remi :)

I have known Remi since the winter of 2016 when I met the security team during
that years Chaos Communication Congress (he thought I was jelle :D). Along with
funding the security team with anthraxx he has been contributing a lot to the
security team the past years and it's a long overdue application.

Super glad we finally got around to this<3

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU removal: Evgeniy 'arcanis' Alekseev

[Morten Linderud via aur-general]

On Sun, Nov 08, 2020 at 06:48:31PM +0100, Morten Linderud wrote:
> Yo,
> 
> I would like to start the discussion period for a Trusted User removal of
> Evgeniy Alekseev, also known as 'arcanis' on the grounds of 'Special Removal 
> of
> an Inactive TU' [1]. 
> 
> Evgeniy's last action on archweb was '2019-12-25 20:41', and the last vote 
> they
> participated in was the removal of shiv 13 montsh ago. I have also attempted
> sending them an email two times the past 5 months, along with Alad having sent
> them an email. There has been no replies.
> 
> The voting procedure will commence after seven days of discussion
> period, in which Evgeniy can state his case.
> 
> Cheers,
> 
> [1] 
> https://aur.archlinux.org/trusted-user/TUbylaws.html#_special_removal_of_an_inactive_tu


The discussion period has ended and I have created the removal vote according to
the TU bylaws.

https://aur.archlinux.org/tu/?id=125

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU removal: Evgeniy 'arcanis' Alekseev

[Morten Linderud via aur-general]

On Sun, Nov 08, 2020 at 02:38:59PM -0500, Eli Schwartz via aur-general wrote:
> > The voting procedure will commence after seven days of discussion
> > period, in which Evgeniy can state his case.
> 
> 7 days is the discussion period for a normal removal vote; the
> discussion period for one triggered by inactivity is 3 days.

Welp, shouldn't copy paste it seems :) Thanks for the headsup. I'll take this
for vote on the 11th of November.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

[aur-general] TU removal: Evgeniy 'arcanis' Alekseev

[Morten Linderud via aur-general]

Yo,

I would like to start the discussion period for a Trusted User removal of
Evgeniy Alekseev, also known as 'arcanis' on the grounds of 'Special Removal of
an Inactive TU' [1]. 

Evgeniy's last action on archweb was '2019-12-25 20:41', and the last vote they
participated in was the removal of shiv 13 montsh ago. I have also attempted
sending them an email two times the past 5 months, along with Alad having sent
them an email. There has been no replies.

The voting procedure will commence after seven days of discussion
period, in which Evgeniy can state his case.

Cheers,

[1] 
https://aur.archlinux.org/trusted-user/TUbylaws.html#_special_removal_of_an_inactive_tu

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application - bastelfreak

[Morten Linderud via aur-general]

On Sun, Oct 18, 2020 at 05:39:41PM +0200, Tim Meusel via aur-general wrote:
> Hi!

Yo!
 
> Besides working on open source projects, I spent a huge amount of time
> for my second passion, cooking and doing BBQ. From time to time I also
> attend ice hockey events as visitor but also as hobby-referee or player.

Yes.. I heard some rumors about team members ice skating and ending up with
stitches during this years FOSDEM. This might be more useful information then
you know :D

> As a trusted user I would like to co-maintain those packages, enable
> tests on the PKGBUILDs where tests are currently missing (for example
> ruby-puppet-resource_api, ruby-semantic_puppet and Puppet), fix the
> remaining namcap warnings (for example on facter and libwhereami) and
> also import some other Puppet related tools into the official
> repository. Some of them are already in the AUR (not all maintained by
> myself):
> 
> [snip package list]

How interested would you be to pick up a bit on the Ruby Gem package guidelines
on the wiki, and how are you currently keeping track of package updates?

https://wiki.archlinux.org/index.php/Ruby_Gem_package_guidelines

> I talked to shibumi and hashworks in the past days, both reviewed the
> packages and agreed to sponsor my application.

Generally they look nice and I don't spot any major rewrites as part of the
sponsor reviewing. Which is a good sign I guess!  I don't know ruby very well,
which is why it was *very* fortunate that you uploaded a Go PKGBUILD today :)
Now I have some pointers!

Generally speaking it's fine. I think the `glibc` in `depends` makes no sense
when there are other dependencies present, but it's generally not an issue.

Before `prepare` you have listed up 8 environment variables for the go compiler,
generally they should be inside the given functions as makepkg does magic to the
environment between the different prepare/build/check/package steps. So this is
wrong and should be moved inside build and check.

`prepare` is fine, but `$srcdir` is not really needed. But that is more a
cosmetic thing.

build is fine, but it has a few issues. Where is the build.SHA from? BuildDate
is set to current time, which is not reproducible. Preferably it should adhere
to `SOURCE_DATE_EPOCH` as noted by Reproduible Builds like so:

 -X 'github.com/choria-io/go-choria/build.BuildDate=$(date 
-d@"${SOURCE_DATE_EPOCH}" '+%F %T %z')'

But apart from that both check and package is fine.

> I'm available on Freenode as bastelfreak. I'm pretty active in
> #archlinux.de and #voxpupuli. My GPG key fingerprint is
> C10B6298A584A5632E254DA304D659E6BF1C4CC0

As noted in another email, rsa2048 is bordering on weak these days. It would be
preferable to update the keysize if you do get accepted. Preferably as part of
the application :)

> best regards, Tim

Cheers and good luck!

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application - bastelfreak

[Morten Linderud via aur-general]

On Sun, Oct 18, 2020 at 05:43:11PM +0200, Justin Kromlinger via aur-general 
wrote:
> On Sun, 18 Oct 2020 17:39:41 +0200
> Tim Meusel via aur-general  wrote:
> 
> > I talked to shibumi and hashworks in the past days, both reviewed the
> > packages and agreed to sponsor my application.
> 
> I hereby confirm my sponsorship.

Why did you decide to sponsor Tim? I see some explanations from shibumi and
Thore, but it would be nice with a few more sentences then just a confirmation.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application - bastelfreak

[Morten Linderud via aur-general]

On Sun, Oct 18, 2020 at 03:49:28PM +, Kusoneko wrote:
> On October 18, 2020 3:39:41 PM UTC, Tim Meusel via aur-general 
>  wrote:
> >Hi!
> >snip
> 
> Not a TU, but I noticed that the GPG key that signed this application is
> expired according to my mail client.

It's not extended on the keyservers, but you can retrieve an extended one
through WKD.

gpg --auto-key-locate clear,wkd -v --locate-external-key t...@bastelfreak.de


However, RSA2048 is a bit weak honestly. rsa4096 or some EC thingie should be
preferred.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] AUR request notify mails

[Morten Linderud via aur-general]

On Mon, Aug 10, 2020 at 07:28:35PM +0200, Michael Straube via aur-general wrote:
> Hi,
> 
> in the past, when I filed an AUR request, I got a copy (via CC ?, not
> sure..) of the request send to my email account.
> 
> Today I opened
> https://lists.archlinux.org/pipermail/aur-requests/2020-August/043176.html
> but was not emailed.
> 
> Has this behaviour changed? Is it intended? Went something wrong during the
> AUR migration to a new server? I'm just curious. ;)
> 
> Michael


The email has the CC.

To: aur-reque...@archlinux.org
Cc: not...@aur.archlinux.org, alejandroval...@live.com, 
michael.stra...@posteo.de

Can you verify that the email wasn't caught by any spam filters?

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU resignation - Lukas Jirkovsky (stativ)

[Morten Linderud via aur-general]

On Fri, Oct 11, 2019 at 06:06:31PM +0200, Lukas Jirkovsky via aur-general wrote:
> The packages left that I'm still listed as a sole maintainer doesn't get
> updates too often and are fairly trivial to update. Though I guess some
> of them can be safely dropped without anyone noticing (I'm looking at
> you, gimp plugin packages).


Added a list of packages maintained solely by stativ. Please adopt as people 
see fit :)

λ ~ » /usr/share/archlinux/contrib/package/co-maintainers -m stativ
diffuse
ttf-gentium
aide
cdrtools
cuetools
gemrb
gimp-plugin-fblur
gimp-plugin-lqr
gimp-plugin-wavelet-denoise
gimp-refocus
kcm-wacomtablet
kgraphviewer
klavaro
krusader
libiptcdata
log4cpp
rawtherapee
soundkonverter



> So Long, and Thanks for All the Fish,

Thanks for all your work through the years Lukas!

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Packaging a go application

[Morten Linderud via aur-general]

On Sat, Sep 07, 2019 at 02:37:13PM +0200, Rhys Perry via aur-general wrote:
> Hi, I am currently trying to package an application for use in the aur. The
> problem I am having is the install() section. The only thing i need to be done
> is for the package to move '$srcdir/$_gitname/fathom' into '/bin/'. How would
> I turn that into a .tar.gz?

Why would you need to turn anything into `.tar.gz`? Are you thinking about a
package? `makepkg` does that for you.

Reading the PKGBUILD it seems like you haven't read all the relevant package
guideline pages we provide.

https://wiki.archlinux.org/index.php/Go_package_guidelines

https://wiki.archlinux.org/index.php/VCS_package_guidelines#Git


> ### PKGBUILD STARTS HERE ###
> license=("MIT")

The license needs to be installed in `package()`.

> arch=("any")

This isn't an "any" package as it contains compiled code. `x86_64` should be
enough
> 
> makedepends=("git" "go" "npm")

Usually you want to build towards `go-pie` to provide PIE enabled binaries. But
since it's an AUR package this isn't super important.

> source=("git://github.com/usefathom/fathom.git")

You want "git+https://github.com.;

> build(){
> export GOPATH="$srcdir"/gopath
> cd $srcdir/$_gitname
> make build
> }

You need to cd into the complete gopath of the source.

> 
> package(){
> echo "I don't know what to do now"
> }

Read any normal PKGBUILD from our repository or guidelines. It should be fairly
obvious.

You can also look at examples by taking a look at the PKGBUILDs from other
go projects. Click on the ones listing `go-pie` as a "(make)" dependency.


https://www.archlinux.org/packages/community/x86_64/go-pie/

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Are AUR VCS packages that depend on AUR VCS packages from other projects a good idea and who should decide on that ?

[Morten Linderud via aur-general]

On Fri, May 03, 2019 at 06:00:32PM +0300, Konstantin Gizdov wrote:
> I understand we have standards and requirements and suggestions and best
> practices and so on, but for the Arch User Repository - is Lone_Wolf not
> allowed to make a package called
> 'my-awesome-mesa-git-that-uses-llvm-git-and-thats-final'? And as long as
> it builds, installs safe, runs fine, **fulfils a purpose**, **doesn't
> have an equivalent** and **does not abuse the website or users**, then
> all we can do is say 'Good Job'?

Well no, it has to be usefull for more then just a few people.

'my-personal-highly-specialized-llvm-git-package' won't necessarily be allowed.
If this is the case for this package I have no clue, have not followed the
thread that closely.

"Make sure the package you want to upload is useful. Will anyone else want to
use this package? Is it extremely specialized? If more than a few people would
find this package useful, it is appropriate for submission."

https://wiki.archlinux.org/index.php/Arch_User_Repository#Rules_of_submission

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Trusted user application: Drew DeVault

[Morten Linderud via aur-general]

On Sun, Feb 24, 2019 at 06:40:13PM -0700, Brett Cornwall via aur-general wrote:
> Here's a PKGBUILD review:

Some additional points!

> ## madonctl
* This package needs to drop `go get` as we have vendored deps.

> ## python-activipy-git
* "v" should be removed from the pkgver as we are dealing with versioned tags.

> ## vgo-git
* This package has support for go modules. So it can drop all of the voodoo it
  is currently doing.

## python-asyncio_redis
* I'm a bit unsure what 2 clause BSD is traditionally called. But it's not `2
  clause BSD`. After some searching from the repos it seems like `BSD` should be
  enough(?)

Also want to stress the lack of MIT license being places in
`/usr/share/licenses/`, along with source not currently enforcing shared
SRCDEST as Brett pointerd out.

Else the review from Brett seems decent :) Great work.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Handling coincidental name collisions

[Morten Linderud via aur-general]

On Sat, Feb 09, 2019 at 02:49:33PM +0100, Xyne wrote:
> The discussion is important because we need to have a general consensus on
> deletion criteria. Rogue TUs can't be allowed to roam the AUR deleting 
> whatever
> they personally don't find useful on a given day.

`Make sure the package you want to upload is useful. Will anyone else want to
use this package? Is it extremely specialized? If more than a few people would
find this package useful, it is appropriate for submission.`

https://wiki.archlinux.org/index.php/Arch_User_Repository#Rules_of_submission

4 stars on github and...0 votes on the AUR (?) would probably constitute a very
specialized package. This was handled with a deletion request and not blindly
deleted, so I don't see the fuzz here personally.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU Application_R: Metal A-wing (a-wing)

[Morten Linderud via aur-general]

On Thu, Dec 27, 2018 at 03:35:28PM +0800, Metal A-wing wrote:
> I started using Ubuntu in high school.
> And I use Debian at university.
> In 2017, I started Archlinux
> 
> I also tried other distributions. linux mint, deepin linux, gentoo, centos

This seems fairly rushed.

The AUR registration occured in April of 2018, and there is only a handfull of
commits to actual AUR packages. Let alone there are not any popular packages
what so ever here. The archlinuxcn repository is cool and all, but that doesn't
help at all if the AUR contributions are lacking. Thats what the role is for
after all.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Legal question - Arch Linux trademark on goodies - Transparency

[Morten Linderud via aur-general]

Im unsure why this was posted to aur-general and not arch-general? Probably
wrong ML.

On Wed, Jan 09, 2019 at 03:16:09PM +0100, William Gathoye wrote:
> When someone is donating money to the project, who is receiving it? How
> can we have transparency about the IN/OUT of the treasury (server cost?
> etc.). What is the legal structure behind Arch Linux? Are we a
> foundation like The Document Foundation?

Economy is handled by SPI and can be viewed in the annual reports they publish.
https://www.spi-inc.org/corporate/annual-reports/

And treasury reports:
https://www.spi-inc.org/treasurer/reports/201712/

I don't find anything for 2018 yet. But I assume that will be published soon.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Exact purpose of check()

[Morten Linderud via aur-general]

We can also add a more explicit warning in the package guidelines.

https://wiki.archlinux.org/index.php/Python_package_guidelines#Check

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Exact purpose of check()

[Morten Linderud via aur-general]

On Wed, Jan 02, 2019 at 03:44:46PM +0100, Julien Nicoulaud via aur-general 
wrote:
> There is a bit of debate at the borgmatic package (
> https://aur.archlinux.org/packages/borgmatic) about what check() should do.
> The upstream borgmatic project uses tox to execute its tests. tox creates
> an isolated python virtualenv with the correct dependency versions and
> executes tests in there.

Don't use tox. We are checking of the dependecies we correct as well. Installing
deps with tox from pypi defeats this purpose.

> The original maintainer thinks check() should not use tox so that tests can
> be run against the system installed dependencies. But this is not so easy
> to do, an attempt was made by installing the python package into an
> isolated directory just for tests, but even then it seems to conflict with
> an existing borgmatic installation.

The original maintainer is correct. This is also why you should be running clean
chroots. But if it's conflicting you are doing something wrong

> Another way of seeing things is that check() should just run tests the way
> it is intended by upstream, it is for testing the build artifacts are
> correct, not for testing it will run correctly on the system where it is
> built. By this logic check() should just run tox, and correct dependency
> versions can be enforced by using version ranges in "depends".

Using tox is for convenience, but if tox is using nose or pytest then use that.
Don't use version ranges to check if dependencies are correct, run the tests.

We shouldn't download anything after dependencies and sources have been fetched.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Daurnimator

[Morten Linderud via aur-general]

Yo!

The vote is over and the results are inn!

Yes:  22
No:   15
Abstain:  12
Participation:89.09%

Congratulations! I have updated the AUR account.

Please follow the TODO and poke me with any questions you have :)

https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#TODO_list_for_new_Trusted_Users

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Daurnimator

[Morten Linderud via aur-general]

On Wed, Nov 28, 2018 at 04:20:22PM +0100, Morten Linderud via aur-general wrote:
> As of the recent discussions; We could try the "co-sponsorship" before the
> voting process? Say one or two people confirm they think the voting process
> should be continued after the discussion has ended?

There was no negative nor positive reply to this. So I'll omit this and go for
the voting period.

Sorry for the delay as the reproducible builds summit took up most of my day :)

https://lists.archlinux.org/pipermail/aur-general/2018-November/034669.html


-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Daurnimator

[Morten Linderud via aur-general]

On Thu, Nov 29, 2018 at 02:03:33AM +1100, Daurnimator wrote:
> I'm applying to be a Trusted User; Foxboron has kindly sponsored me and has
> been mentoring me on the specifics over the last couple of months.

Yo!

I confirm my sponsorship of Daurnimator!

Because of the recent discussion regarding the TU application process, I'll also
write some words. Might be a good first step in the right direction.

Daurnimator reached out to Barthalion, Antonio and Anatol (I think) on the 6th
of September regarding the current state of our LUA packages where he wanted to
help improve the situation. Barthalion threw me into the mail chain on the 12th
of September, and I have been following up on him since then :)

I have also done two reviews of his AUR packages to the best of my ability (I
don't know LUA very well). One when we initially started talking in September,
and last one before the application was sent. Most of the "errors" where
stylistic, and some mistakes when downloading sources where they where not named
properly. They have been fixed and daurnimator has also sought advice in
#archlinux-aur when my explanations where not on point.


All-in-all I have a very positive experience with working with him during this
process.

As of the recent discussions; We could try the "co-sponsorship" before the
voting process? Say one or two people confirm they think the voting process
should be continued after the discussion has ended?

-- 
Morten Linderud
PGP: 9C02FF419FECBE16



signature.asc
Description: PGP signature

Re: [aur-general] TU application: Maxim Baz

[Morten Linderud via aur-general]

Yo! The vote is over, and the results are inn!

Yes:  33
No:   10
Abstain:   9
Participation:   100%(!!!)

Congratulations! I have update your AUR account :)

Pleaase follow the TODO and poke me for any questions you have going forward!
https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#TODO_list_for_new_Trusted_Users

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU Application: Daniel M. Capella

[Morten Linderud via aur-general]

On Thu, Nov 15, 2018 at 06:51:31PM -0500, Daniel M. Capella via aur-general 
wrote:
> Quoting Eli Schwartz via aur-general (2018-11-15 00:52:50)
> > On 11/14/18 11:50 PM, Daniel M. Capella via aur-general wrote:
> > > Quoting Levente Polyak via aur-general (2018-11-14 17:00:38)
> > >> - tests are awesome <3 run them whenever possible! more is better!
> > >>   pulling sources from github is favorable when you get free tests
> > >>   and sometimes manpages/docs
> > > 
> > > Will work with the upstreams to distribute these. I prefer to use 
> > > published
> > > offerings as they are what the authors intend to be used. GitHub 
> > > autogenerated
> > > tarballs are also subject to change:
> > > https://marc.info/?l=openbsd-ports=151973450514279=2
> > 
> > I've seen the occasional *claim* that this happens, but I've yet to see
> > any actual case where this happens and it isn't because of upstream
> > force-pushing a tag.
> > 
> > GitHub is supposed to use git-archive(1) for this, which is guaranteed
> > to be reproducible when generating .tar, although in theory
> > post-filtering this through a compressor like gzip can result in changes
> > from one version of git to another. I say in theory because I don't
> > recall this ever happening, and git-archive uses the fairly boring defaults.
> > 
> > I don't see any reason to use substandard sources in order to avoid
> > checksum problems I don't believe in.
> 
> "substandard" 樂 
> https://wiki.archlinux.org/index.php/Python_package_guidelines#Source

Those guidelines are mainly in the context of the python ecosystem. There are no
prefferences, only options. If tests, manpages or  sources are missing from the
pypi mirrors because of mismanagement from upstream, then they are indeed
substandard.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Maxim Baz

[Morten Linderud via aur-general]

Yo!

The discussion period is over and the voting has begun!

Great review session everyone, and I hope we can see more things like that in
the future :)

https://aur.archlinux.org/tu/?id=113

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] On TU application, TU participation and community/ package quality

[Morten Linderud via aur-general]

On Sun, Nov 11, 2018 at 01:29:31PM -0500, Santiago Torres-Arias via aur-general 
wrote:
> ### TU council

I'll summarize this with: I'm unsure.

This feels like smacking a social problem with a hammer. I'm also afraid of
power imbalance as Ivy have noted. I think we should refocus this effort into
something else. Explained below.

> ### Minimum number of sponsors

I like this idea as a minimum amount of sponsorships. This could also help
getting the new TUs up to speed with how things work. This could combine well
with Jonathons suggestions of a "probation phase" (Which we have anyway since
key signing takes *AGES*).

This could also fit well with having co-maintainers? The sponsors should
co-maintain the packages the applicant adopts from AUR?

> ### Oversight committee

I think we should refocus this effort into something simpler; clarifying package
guidelines and actually make it easy for existing TUs to figure out *HOW* to
package different ecosystems. This could also contribute to removing old habits.

I have spent some hours upgrading out Go and Python guidelines to comfort to
something we can understand, agree on and doesn't forward bad habits from old
PKGBUILDs. A lot of knowledge is implicit, or just derived second-hand from
people that are presumed to know things. What happens if those people disappear
tomorrow? How is the committee suppose to define a `high-quality PKGBUILD` if we
can't distinguish peoples strong subjective opinions from factualities.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU application: Maxim Baz

[Morten Linderud via aur-general]

Yo!

On Mon, Oct 29, 2018 at 01:16:46PM +0100, Maxim Baz via aur-general wrote:
> My name is Maxim Baz, and with Morten Linderud (Foxboron) as my sponsor
> (who I was referred to by Alad Wenter) I'm applying to become a Trusted User.

I confirm my sponsorship of Maxim. Let the discussion period begin :)

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU Application - Konstantin Gizdov

[Morten Linderud via aur-general]

On Sun, Oct 28, 2018 at 04:02:40PM -0400, Daniel M. Capella via aur-general 
wrote:
> It's upsetting and embarrassing that the only staffer to stand against this
> behavior directly in the ML is the applicant's sponsor. This disrespectful
> behavior occurs all the time. Can we enforce our Code of Conduct or is it just
> for show?

It's frankly embarrassing that it has to go this far. Eli is avoiding the
discussion on IRC and refuses to answer.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Critique my pkgbuild

[Morten Linderud via aur-general]

On Wed, Oct 10, 2018 at 03:52:49PM +0200, Tinu Weber wrote:
> On Wed, Oct 10, 2018 at 15:48:31 +0200, Morten Linderud via aur-general wrote:
> > > makedepends=('make')
> > 
> > `make` is present in `base-devel` thus shouldn't be a listed dependency. 
> > Unsure
> > if its however worth listing it as it's the only needed build-time 
> > dependency?
> 
> As it is a git package (and git is not in base-devel), I would argue
> that at least 'git' should go in there.

Woopsie. That completely escaped me :D


-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Critique my pkgbuild

[Morten Linderud via aur-general]

On Wed, Oct 10, 2018 at 01:34:25PM +, Ethan Rakoff wrote:
> # Maintainer: Ethan Rakoff 
> 
> pkgname=threemawebqt

Needs to have a -git suffix as it builds from a git source and is thus a VCS
package.

> pkgver=0.1

You need a pkgver() function as this is an VCS package. Since you don't have
tags yet you should count the number of revisions.

pkgver() {
  cd "$pkgname"
  printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short 
HEAD)"
}

https://wiki.archlinux.org/index.php/VCS_package_guidelines#Git

> pkgrel=1
> pkgdesc="Thin client for Threema Web, the web client for Threema, an E2E 
> encrypted messaging app."
> arch=('i686' 'x86_64')
> url="https://github.com/ethanrakoff/${pkgname};
> license=('MIT')
> depends=('qt5-base' 'qt5-webengine')
> makedepends=('make')

`make` is present in `base-devel` thus shouldn't be a listed dependency. Unsure
if its however worth listing it as it's the only needed build-time dependency?

> source=("git+${url}")

I personally dislike the need to use variables just because they exist.

This reads much better:
source=("git+https://github.com/ethanrakoff/threemawebqt;)

> md5sums=('SKIP')
> 
> build() {
>   cd "${pkgname}/src"
> 
>   qmake
>   make
> }
> 
> package() {
>   cd "${srcdir}/${pkgname}/src"

You omitted `$srcdir` from `build()` but added it here. This is mostly a style
thing, but I'd just omit it all together.

>   make INSTALL_ROOT="${pkgdir}" install
> 
>   install -Dm644 icon.png "${pkgdir}/usr/share/icons/${pkgname}/icon.png"
>   install -Dm644 ../threemawebqt.desktop 
> "${pkgdir}/usr/share/applications/threemawebqt.desktop"
>   install -Dm644 ../LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
> }
> 




-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Attempting to update upwork-beta, and hit a head-scratcher

[Morten Linderud via aur-general]

I have removed the suspension.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] acroread package compromised

[Morten Linderud via aur-general]

These where the compromised packages and their package versions:

* acrored 9.5.5-8
* balz 1.20-3
* minergate 8.1-2

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] PKGBUILD for Automatic Arch System Maintenance

[Morten Linderud via aur-general]

On Sat, Jul 07, 2018 at 02:47:16PM -0400, Michael Dobachesky via aur-general 
wrote:
> Hello everyone,
> 
> I have been working on a package that automatically does Arch Linux system
> maintenance tasks like updating, cleaning, error checking, etc.
> It has really helped me out and I am hoping that it will help out others as
> well.

Well, "cleaning" is an understatement. It's frankly destructive.
Repackaging other peoples scripts without understanding the content is just bad.

https://gitlab.com/mgdobachesky/ArchSystemMaintenance/blob/master/maint-1.0.0/Scripts/rmjunk.py

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Delete spam comment/account from aur

[Morten Linderud via aur-general]

On Thu, Jun 07, 2018 at 11:36:54AM +0200, Maxim Andersson via aur-general wrote:
> Regarding this page 
> https://aur.archlinux.org/packages/aur-comment-fetcher-git/
> 
> Could the comment from 2018-06-06 (and maybe spammer-account?) please
> be deleted.

As a headsup. I removed the comment and deleted the user.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU resignation

[Morten Linderud via aur-general]

On Thu, May 31, 2018 at 09:03:02AM +0200, Pierre Neidhardt via aur-general 
wrote:
> 
> I've stopped using Arch ever since I've switched to GuixSD[1] (a
> functional-oriented distribution focusing on reproducible builds and
> completely custimizable in Guile Scheme) and it's now quite clear that
> there will be no coming back.
> 
> My involvement in this new project and in others (Emacs, Next
> Browser[2]) takes a lot more time than what I can afford into
> maintaining my Arch packages.

Thanks for your work through the years :)

> - qutebrowser
> - udiskie
> - fzf
> - pdfjs (optional for qutebrowser)
> - python-keyutils (required by udiskie)
> - python-pypeg2 (require by qutebrowser)

I have adopted these packages!



-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Basilisk pkgbuild is facing a trademark violation?

[Morten Linderud via aur-general]

On Sat, May 19, 2018 at 07:23:52PM +0200, Fabio Loli via aur-general wrote:
> Mattatobin, of which you can read here
> 
> https://github.com/jasperla/openbsd-wip/issues/86
> 
> Have made this (edited) comment in the AUR webpage asking for removal
> 
> https://aur.archlinux.org/packages/basilisk
> ​​​
> You do realize this package is completely insane. I want you to
> remove any remaining Basilisk branding and use of the name including
> in the desktop file and this very package from AUR that you are
> obviously squatting on.

If he thinks the package should be deleted, he can submit a deletion request 
like everyone else.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Build packages without Arch on pkgbuild.com

[Morten Linderud via aur-general]

On Sun, Apr 08, 2018 at 07:09:06PM +0530, Pierre Neidhardt wrote:
> 
> Morten Linderud  writes:
> 
> > What i have done now is to launch a second gpg-agent that only
> > provides an -extra socket with no caching what so ever.
> 
> I thought of something along those lines.  Can you detail the commands
> so that we can put that on the wiki?
> 

Symlink gpg.conf and private-keys-v1.d into a new gnupg directory. Then just
create a gpg-agent.conf along the lines of:

extra-socket /home/fox/.gnupg-extra/S.gpg-agent.extra
default-cache-ttl 0
max-cache-ttl 0
pinentry-program /usr/bin/pinentry-gtk-2

Then you just launch gpg-agent with the homedir set:
gpg-agent --homedir .gnupg-extra --daemon 

Fix you ssh config to point at the new .extra socket. I'm honestly unsure why
gpg-agent can't be launched into the same homedir twice. But I'm way too lazy to
dig further into gnupg.

-- 
Morten Linderud

PGP: 9C02FF419FECBE16



signature.asc
Description: PGP signature

Re: [aur-general] Build packages without Arch on pkgbuild.com

[Morten Linderud via aur-general]

On Sun, Apr 08, 2018 at 06:09:27PM +0530, Pierre Neidhardt wrote:
> 
> > Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can 
> > enable
> > this only for connections to soyuz.
> 
> But that's only for signing, so that won't do if I have subkeys used for
> other purposes under the same master key, right?

I realized that mistake shortly after. What i have done now is to launch a
second gpg-agent that only provides an -extra socket with no caching what so
ever.


-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Build packages without Arch on pkgbuild.com

[Morten Linderud via aur-general]

On Sun, Apr 08, 2018 at 05:58:11PM +0530, Pierre Neidhardt via aur-general 
wrote:
> 
> What's the best practice to disable password caching?  Set the timeout
> to zero?
> 
> Does anyone know if it's possible to have have a zero-timeout when on
> soyuz while having another timeout time locally?

Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can enable
this only for connections to soyuz.

-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] Build packages without Arch on pkgbuild.com

[Morten Linderud via aur-general]

On Sat, Apr 07, 2018 at 11:53:08AM +0530, Pierre Neidhardt via aur-general 
wrote:
> To perform the complete operation on soyuz, we need to forward the
> gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP
> / Web of Trust security model: for a person with root access to soyuz,
> the private key is only one passphrase away.
> 

Which is why I have been working on clave[1]. It helps in the cases where build
artefacts are large and sorta useless to download after building. But it doesn't
prevent the case where a malicious root user is capable of switching the files
right after build, unless you do some additional verification after generating
the signing request. 

Since it creates signatures with the new packet style, it won't be supported
before pacman 5.1, and I plan on improving it a bit before that time.


[1]: https://github.com/Foxboron/clave 

-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU Application - Robin Broda

[Morten Linderud via aur-general]

On Wed, Mar 07, 2018 at 05:21:39PM -0500, Eli Schwartz via aur-general wrote:
> On 03/07/2018 05:15 PM, Alad Wenter via aur-general wrote:
> >> Eli Schwartz via aur-general  hat am 7. März 
> >> 2018 um 22:16 geschrieben:
> >>
> >> Discussion period is over, time to cast your votes, everyone!
> >>
> >> https://aur.archlinux.org/tu/?id=105
> >>
> > I've cast my vote the moment I saw this email. Last time I didn't, I got an 
> > angry phone call from my email provider because his server crashed from the 
> > sheer amount of reminder mails. :P
> > 
> > Alad
> 
> Please tell them to email complai...@archlinux.org
> 

You are mistaken. The mail has been deprecated in favor of 
/dev/n...@archlinux.org

-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature

Re: [aur-general] TU Application - Robin Broda

[Morten Linderud via aur-general]

On Fri, Mar 02, 2018 at 05:16:52PM +0100, Robin Broda via aur-general wrote:
> Hello,
> 
> I'm Robin 'coderobe' Broda, born in '99, and I'm writing to become a
> Trusted User.
>
> [SNIP]

Yo Robin!

Super happy to see you applying for TU, and I appreciate the support you have
been doing on IRC. However!

I think it's too early. Most of the packages mentioned doesn't have many updoots
and they have frankly been added barely a month ago to the AUR. I'd love to see
more AUR packages from you, and maybe that you adopt some orphan packages from
community.

-- 
Morten Linderud

PGP: 9C02FF419FECBE16


signature.asc
Description: PGP signature