Re: [aur-general] TU resignation
On Sun, Dec 20, 2020 at 03:17:12PM +0100, Baptiste Jonglez wrote: > Hi, > > I have been less active in Arch for some time. I'm involved in many other > projects that end up taking lots of time, and as a result I don't have the > required time / energy / interest for Arch anymore. When my last Arch > machine died recently after 10 years of loyal Arch service, it was a good > sign that I should make this official. > > With that being said, I am resigning as a TU. I've had some, let's say, > "disagreements" with a few members of the team over the years, but overall > it was a positive experience. Keep up the good work, and take care of > this delicate balance between technical excellence and community-minded > approach. Thanks for the work over the years :)! Hopefully we'll see you around if you end up resurrecting the Arch machine of yours :D -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application - orhun
On Sat, Dec 12, 2020 at 08:03:45PM +0300, orhun via aur-general wrote: > Dear Arch Linux Trusted Users & Developers, Yo! > The intent of this mail is to apply for the role of Trusted User with the > confirmation/sponsorship of Sven-Hendrik Haase and Levente Polyak. Good luck with the application. > HOW CAN I HELP? > > I'm aiming to turn my motivation and enthusiasm in regards to the Arch > Linux project into professional and valuable contributions since I > learn fast and adapt to the changes quickly. My first step towards > that goal was to start maintaining packages in AUR and I still do due > to the fact that I feel like I should somehow give back to the > community. I think the packaging is an interesting topic and I'm > experiencing/learning new things by doing it. As for now, my > purpose is to adopt/maintain Rust, Go, C, and Python packages in the > community repository, move some of my favorite packages about > networking like gping [10] and ali [11] to there and help with the tooling > of reproducible builds. Both ali and gping are packages with limited use (the projects and packages are months old). Are there any packages you intend to help co-maintain in the repositories? Any orphaned packages in the repositories that would be of interest? -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application - rgacogne
On Sun, Nov 29, 2020 at 12:55:21AM +0100, Morten Linderud wrote: > Hi everyone! > > A little bit overdue but the discussion period is over. I apologize for > missing > the deadline by a day. > > > I have started the voting > https://aur.archlinux.org/tu/?id=126 The voting has ended and the results are in: Yes No Abstain Total Voted Participation 43 1 4 48 Yes 84.21% Congratulations Remi! Welcome to the Trusted User team :) -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application - rgacogne
Hi everyone! A little bit overdue but the discussion period is over. I apologize for missing the deadline by a day. I have started the voting https://aur.archlinux.org/tu/?id=126 -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU removal: Evgeniy 'arcanis' Alekseev
The vote are in and the results: Yes: 43 No: 2 Abstain: 6 Total: 51 Participation: 87.93% The quorum of 66% has been reached with a larger number of "Yes", than "No" votes. This means Evgeniy Alekseev is no longer a Trusted User. On behalf of the Arch team I would like to thank Evgeniy for the work he has done towards the distribtuion the past years! I will do a follow-up email to [arch-dev-public] with package adoption and resigning. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application - rgacogne
On Fri, Nov 13, 2020 at 08:52:37AM +0100, Remi Gacogne via aur-general wrote: > Hello everyone, > > My name is Remi Gacogne, and I hereby apply to join the Trusted Users > team, kindly sponsored by Levente Polyak and Morten Linderud. I confirm my sponsorship of Remi :) I have known Remi since the winter of 2016 when I met the security team during that years Chaos Communication Congress (he thought I was jelle :D). Along with funding the security team with anthraxx he has been contributing a lot to the security team the past years and it's a long overdue application. Super glad we finally got around to this<3 -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU removal: Evgeniy 'arcanis' Alekseev
On Sun, Nov 08, 2020 at 06:48:31PM +0100, Morten Linderud wrote: > Yo, > > I would like to start the discussion period for a Trusted User removal of > Evgeniy Alekseev, also known as 'arcanis' on the grounds of 'Special Removal > of > an Inactive TU' [1]. > > Evgeniy's last action on archweb was '2019-12-25 20:41', and the last vote > they > participated in was the removal of shiv 13 montsh ago. I have also attempted > sending them an email two times the past 5 months, along with Alad having sent > them an email. There has been no replies. > > The voting procedure will commence after seven days of discussion > period, in which Evgeniy can state his case. > > Cheers, > > [1] > https://aur.archlinux.org/trusted-user/TUbylaws.html#_special_removal_of_an_inactive_tu The discussion period has ended and I have created the removal vote according to the TU bylaws. https://aur.archlinux.org/tu/?id=125 -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU removal: Evgeniy 'arcanis' Alekseev
On Sun, Nov 08, 2020 at 02:38:59PM -0500, Eli Schwartz via aur-general wrote: > > The voting procedure will commence after seven days of discussion > > period, in which Evgeniy can state his case. > > 7 days is the discussion period for a normal removal vote; the > discussion period for one triggered by inactivity is 3 days. Welp, shouldn't copy paste it seems :) Thanks for the headsup. I'll take this for vote on the 11th of November. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
[aur-general] TU removal: Evgeniy 'arcanis' Alekseev
Yo, I would like to start the discussion period for a Trusted User removal of Evgeniy Alekseev, also known as 'arcanis' on the grounds of 'Special Removal of an Inactive TU' [1]. Evgeniy's last action on archweb was '2019-12-25 20:41', and the last vote they participated in was the removal of shiv 13 montsh ago. I have also attempted sending them an email two times the past 5 months, along with Alad having sent them an email. There has been no replies. The voting procedure will commence after seven days of discussion period, in which Evgeniy can state his case. Cheers, [1] https://aur.archlinux.org/trusted-user/TUbylaws.html#_special_removal_of_an_inactive_tu -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application - bastelfreak
On Sun, Oct 18, 2020 at 05:39:41PM +0200, Tim Meusel via aur-general wrote: > Hi! Yo! > Besides working on open source projects, I spent a huge amount of time > for my second passion, cooking and doing BBQ. From time to time I also > attend ice hockey events as visitor but also as hobby-referee or player. Yes.. I heard some rumors about team members ice skating and ending up with stitches during this years FOSDEM. This might be more useful information then you know :D > As a trusted user I would like to co-maintain those packages, enable > tests on the PKGBUILDs where tests are currently missing (for example > ruby-puppet-resource_api, ruby-semantic_puppet and Puppet), fix the > remaining namcap warnings (for example on facter and libwhereami) and > also import some other Puppet related tools into the official > repository. Some of them are already in the AUR (not all maintained by > myself): > > [snip package list] How interested would you be to pick up a bit on the Ruby Gem package guidelines on the wiki, and how are you currently keeping track of package updates? https://wiki.archlinux.org/index.php/Ruby_Gem_package_guidelines > I talked to shibumi and hashworks in the past days, both reviewed the > packages and agreed to sponsor my application. Generally they look nice and I don't spot any major rewrites as part of the sponsor reviewing. Which is a good sign I guess! I don't know ruby very well, which is why it was *very* fortunate that you uploaded a Go PKGBUILD today :) Now I have some pointers! Generally speaking it's fine. I think the `glibc` in `depends` makes no sense when there are other dependencies present, but it's generally not an issue. Before `prepare` you have listed up 8 environment variables for the go compiler, generally they should be inside the given functions as makepkg does magic to the environment between the different prepare/build/check/package steps. So this is wrong and should be moved inside build and check. `prepare` is fine, but `$srcdir` is not really needed. But that is more a cosmetic thing. build is fine, but it has a few issues. Where is the build.SHA from? BuildDate is set to current time, which is not reproducible. Preferably it should adhere to `SOURCE_DATE_EPOCH` as noted by Reproduible Builds like so: -X 'github.com/choria-io/go-choria/build.BuildDate=$(date -d@"${SOURCE_DATE_EPOCH}" '+%F %T %z')' But apart from that both check and package is fine. > I'm available on Freenode as bastelfreak. I'm pretty active in > #archlinux.de and #voxpupuli. My GPG key fingerprint is > C10B6298A584A5632E254DA304D659E6BF1C4CC0 As noted in another email, rsa2048 is bordering on weak these days. It would be preferable to update the keysize if you do get accepted. Preferably as part of the application :) > best regards, Tim Cheers and good luck! -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application - bastelfreak
On Sun, Oct 18, 2020 at 05:43:11PM +0200, Justin Kromlinger via aur-general wrote: > On Sun, 18 Oct 2020 17:39:41 +0200 > Tim Meusel via aur-general wrote: > > > I talked to shibumi and hashworks in the past days, both reviewed the > > packages and agreed to sponsor my application. > > I hereby confirm my sponsorship. Why did you decide to sponsor Tim? I see some explanations from shibumi and Thore, but it would be nice with a few more sentences then just a confirmation. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application - bastelfreak
On Sun, Oct 18, 2020 at 03:49:28PM +, Kusoneko wrote: > On October 18, 2020 3:39:41 PM UTC, Tim Meusel via aur-general > wrote: > >Hi! > >snip > > Not a TU, but I noticed that the GPG key that signed this application is > expired according to my mail client. It's not extended on the keyservers, but you can retrieve an extended one through WKD. gpg --auto-key-locate clear,wkd -v --locate-external-key t...@bastelfreak.de However, RSA2048 is a bit weak honestly. rsa4096 or some EC thingie should be preferred. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] AUR request notify mails
On Mon, Aug 10, 2020 at 07:28:35PM +0200, Michael Straube via aur-general wrote: > Hi, > > in the past, when I filed an AUR request, I got a copy (via CC ?, not > sure..) of the request send to my email account. > > Today I opened > https://lists.archlinux.org/pipermail/aur-requests/2020-August/043176.html > but was not emailed. > > Has this behaviour changed? Is it intended? Went something wrong during the > AUR migration to a new server? I'm just curious. ;) > > Michael The email has the CC. To: aur-reque...@archlinux.org Cc: not...@aur.archlinux.org, alejandroval...@live.com, michael.stra...@posteo.de Can you verify that the email wasn't caught by any spam filters? -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU resignation - Lukas Jirkovsky (stativ)
On Fri, Oct 11, 2019 at 06:06:31PM +0200, Lukas Jirkovsky via aur-general wrote: > The packages left that I'm still listed as a sole maintainer doesn't get > updates too often and are fairly trivial to update. Though I guess some > of them can be safely dropped without anyone noticing (I'm looking at > you, gimp plugin packages). Added a list of packages maintained solely by stativ. Please adopt as people see fit :) λ ~ » /usr/share/archlinux/contrib/package/co-maintainers -m stativ diffuse ttf-gentium aide cdrtools cuetools gemrb gimp-plugin-fblur gimp-plugin-lqr gimp-plugin-wavelet-denoise gimp-refocus kcm-wacomtablet kgraphviewer klavaro krusader libiptcdata log4cpp rawtherapee soundkonverter > So Long, and Thanks for All the Fish, Thanks for all your work through the years Lukas! -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Packaging a go application
On Sat, Sep 07, 2019 at 02:37:13PM +0200, Rhys Perry via aur-general wrote: > Hi, I am currently trying to package an application for use in the aur. The > problem I am having is the install() section. The only thing i need to be done > is for the package to move '$srcdir/$_gitname/fathom' into '/bin/'. How would > I turn that into a .tar.gz? Why would you need to turn anything into `.tar.gz`? Are you thinking about a package? `makepkg` does that for you. Reading the PKGBUILD it seems like you haven't read all the relevant package guideline pages we provide. https://wiki.archlinux.org/index.php/Go_package_guidelines https://wiki.archlinux.org/index.php/VCS_package_guidelines#Git > ### PKGBUILD STARTS HERE ### > license=("MIT") The license needs to be installed in `package()`. > arch=("any") This isn't an "any" package as it contains compiled code. `x86_64` should be enough > > makedepends=("git" "go" "npm") Usually you want to build towards `go-pie` to provide PIE enabled binaries. But since it's an AUR package this isn't super important. > source=("git://github.com/usefathom/fathom.git") You want "git+https://github.com.; > build(){ > export GOPATH="$srcdir"/gopath > cd $srcdir/$_gitname > make build > } You need to cd into the complete gopath of the source. > > package(){ > echo "I don't know what to do now" > } Read any normal PKGBUILD from our repository or guidelines. It should be fairly obvious. You can also look at examples by taking a look at the PKGBUILDs from other go projects. Click on the ones listing `go-pie` as a "(make)" dependency. https://www.archlinux.org/packages/community/x86_64/go-pie/ -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Are AUR VCS packages that depend on AUR VCS packages from other projects a good idea and who should decide on that ?
On Fri, May 03, 2019 at 06:00:32PM +0300, Konstantin Gizdov wrote: > I understand we have standards and requirements and suggestions and best > practices and so on, but for the Arch User Repository - is Lone_Wolf not > allowed to make a package called > 'my-awesome-mesa-git-that-uses-llvm-git-and-thats-final'? And as long as > it builds, installs safe, runs fine, **fulfils a purpose**, **doesn't > have an equivalent** and **does not abuse the website or users**, then > all we can do is say 'Good Job'? Well no, it has to be usefull for more then just a few people. 'my-personal-highly-specialized-llvm-git-package' won't necessarily be allowed. If this is the case for this package I have no clue, have not followed the thread that closely. "Make sure the package you want to upload is useful. Will anyone else want to use this package? Is it extremely specialized? If more than a few people would find this package useful, it is appropriate for submission." https://wiki.archlinux.org/index.php/Arch_User_Repository#Rules_of_submission -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Trusted user application: Drew DeVault
On Sun, Feb 24, 2019 at 06:40:13PM -0700, Brett Cornwall via aur-general wrote: > Here's a PKGBUILD review: Some additional points! > ## madonctl * This package needs to drop `go get` as we have vendored deps. > ## python-activipy-git * "v" should be removed from the pkgver as we are dealing with versioned tags. > ## vgo-git * This package has support for go modules. So it can drop all of the voodoo it is currently doing. ## python-asyncio_redis * I'm a bit unsure what 2 clause BSD is traditionally called. But it's not `2 clause BSD`. After some searching from the repos it seems like `BSD` should be enough(?) Also want to stress the lack of MIT license being places in `/usr/share/licenses/`, along with source not currently enforcing shared SRCDEST as Brett pointerd out. Else the review from Brett seems decent :) Great work. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Handling coincidental name collisions
On Sat, Feb 09, 2019 at 02:49:33PM +0100, Xyne wrote: > The discussion is important because we need to have a general consensus on > deletion criteria. Rogue TUs can't be allowed to roam the AUR deleting > whatever > they personally don't find useful on a given day. `Make sure the package you want to upload is useful. Will anyone else want to use this package? Is it extremely specialized? If more than a few people would find this package useful, it is appropriate for submission.` https://wiki.archlinux.org/index.php/Arch_User_Repository#Rules_of_submission 4 stars on github and...0 votes on the AUR (?) would probably constitute a very specialized package. This was handled with a deletion request and not blindly deleted, so I don't see the fuzz here personally. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU Application_R: Metal A-wing (a-wing)
On Thu, Dec 27, 2018 at 03:35:28PM +0800, Metal A-wing wrote: > I started using Ubuntu in high school. > And I use Debian at university. > In 2017, I started Archlinux > > I also tried other distributions. linux mint, deepin linux, gentoo, centos This seems fairly rushed. The AUR registration occured in April of 2018, and there is only a handfull of commits to actual AUR packages. Let alone there are not any popular packages what so ever here. The archlinuxcn repository is cool and all, but that doesn't help at all if the AUR contributions are lacking. Thats what the role is for after all. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Legal question - Arch Linux trademark on goodies - Transparency
Im unsure why this was posted to aur-general and not arch-general? Probably wrong ML. On Wed, Jan 09, 2019 at 03:16:09PM +0100, William Gathoye wrote: > When someone is donating money to the project, who is receiving it? How > can we have transparency about the IN/OUT of the treasury (server cost? > etc.). What is the legal structure behind Arch Linux? Are we a > foundation like The Document Foundation? Economy is handled by SPI and can be viewed in the annual reports they publish. https://www.spi-inc.org/corporate/annual-reports/ And treasury reports: https://www.spi-inc.org/treasurer/reports/201712/ I don't find anything for 2018 yet. But I assume that will be published soon. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Exact purpose of check()
We can also add a more explicit warning in the package guidelines. https://wiki.archlinux.org/index.php/Python_package_guidelines#Check -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Exact purpose of check()
On Wed, Jan 02, 2019 at 03:44:46PM +0100, Julien Nicoulaud via aur-general wrote: > There is a bit of debate at the borgmatic package ( > https://aur.archlinux.org/packages/borgmatic) about what check() should do. > The upstream borgmatic project uses tox to execute its tests. tox creates > an isolated python virtualenv with the correct dependency versions and > executes tests in there. Don't use tox. We are checking of the dependecies we correct as well. Installing deps with tox from pypi defeats this purpose. > The original maintainer thinks check() should not use tox so that tests can > be run against the system installed dependencies. But this is not so easy > to do, an attempt was made by installing the python package into an > isolated directory just for tests, but even then it seems to conflict with > an existing borgmatic installation. The original maintainer is correct. This is also why you should be running clean chroots. But if it's conflicting you are doing something wrong > Another way of seeing things is that check() should just run tests the way > it is intended by upstream, it is for testing the build artifacts are > correct, not for testing it will run correctly on the system where it is > built. By this logic check() should just run tox, and correct dependency > versions can be enforced by using version ranges in "depends". Using tox is for convenience, but if tox is using nose or pytest then use that. Don't use version ranges to check if dependencies are correct, run the tests. We shouldn't download anything after dependencies and sources have been fetched. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application: Daurnimator
Yo! The vote is over and the results are inn! Yes: 22 No: 15 Abstain: 12 Participation:89.09% Congratulations! I have updated the AUR account. Please follow the TODO and poke me with any questions you have :) https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#TODO_list_for_new_Trusted_Users -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application: Daurnimator
On Wed, Nov 28, 2018 at 04:20:22PM +0100, Morten Linderud via aur-general wrote: > As of the recent discussions; We could try the "co-sponsorship" before the > voting process? Say one or two people confirm they think the voting process > should be continued after the discussion has ended? There was no negative nor positive reply to this. So I'll omit this and go for the voting period. Sorry for the delay as the reproducible builds summit took up most of my day :) https://lists.archlinux.org/pipermail/aur-general/2018-November/034669.html -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application: Daurnimator
On Thu, Nov 29, 2018 at 02:03:33AM +1100, Daurnimator wrote: > I'm applying to be a Trusted User; Foxboron has kindly sponsored me and has > been mentoring me on the specifics over the last couple of months. Yo! I confirm my sponsorship of Daurnimator! Because of the recent discussion regarding the TU application process, I'll also write some words. Might be a good first step in the right direction. Daurnimator reached out to Barthalion, Antonio and Anatol (I think) on the 6th of September regarding the current state of our LUA packages where he wanted to help improve the situation. Barthalion threw me into the mail chain on the 12th of September, and I have been following up on him since then :) I have also done two reviews of his AUR packages to the best of my ability (I don't know LUA very well). One when we initially started talking in September, and last one before the application was sent. Most of the "errors" where stylistic, and some mistakes when downloading sources where they where not named properly. They have been fixed and daurnimator has also sought advice in #archlinux-aur when my explanations where not on point. All-in-all I have a very positive experience with working with him during this process. As of the recent discussions; We could try the "co-sponsorship" before the voting process? Say one or two people confirm they think the voting process should be continued after the discussion has ended? -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application: Maxim Baz
Yo! The vote is over, and the results are inn! Yes: 33 No: 10 Abstain: 9 Participation: 100%(!!!) Congratulations! I have update your AUR account :) Pleaase follow the TODO and poke me for any questions you have going forward! https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#TODO_list_for_new_Trusted_Users -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU Application: Daniel M. Capella
On Thu, Nov 15, 2018 at 06:51:31PM -0500, Daniel M. Capella via aur-general wrote: > Quoting Eli Schwartz via aur-general (2018-11-15 00:52:50) > > On 11/14/18 11:50 PM, Daniel M. Capella via aur-general wrote: > > > Quoting Levente Polyak via aur-general (2018-11-14 17:00:38) > > >> - tests are awesome <3 run them whenever possible! more is better! > > >> pulling sources from github is favorable when you get free tests > > >> and sometimes manpages/docs > > > > > > Will work with the upstreams to distribute these. I prefer to use > > > published > > > offerings as they are what the authors intend to be used. GitHub > > > autogenerated > > > tarballs are also subject to change: > > > https://marc.info/?l=openbsd-ports=151973450514279=2 > > > > I've seen the occasional *claim* that this happens, but I've yet to see > > any actual case where this happens and it isn't because of upstream > > force-pushing a tag. > > > > GitHub is supposed to use git-archive(1) for this, which is guaranteed > > to be reproducible when generating .tar, although in theory > > post-filtering this through a compressor like gzip can result in changes > > from one version of git to another. I say in theory because I don't > > recall this ever happening, and git-archive uses the fairly boring defaults. > > > > I don't see any reason to use substandard sources in order to avoid > > checksum problems I don't believe in. > > "substandard" 樂 > https://wiki.archlinux.org/index.php/Python_package_guidelines#Source Those guidelines are mainly in the context of the python ecosystem. There are no prefferences, only options. If tests, manpages or sources are missing from the pypi mirrors because of mismanagement from upstream, then they are indeed substandard. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application: Maxim Baz
Yo! The discussion period is over and the voting has begun! Great review session everyone, and I hope we can see more things like that in the future :) https://aur.archlinux.org/tu/?id=113 -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] On TU application, TU participation and community/ package quality
On Sun, Nov 11, 2018 at 01:29:31PM -0500, Santiago Torres-Arias via aur-general wrote: > ### TU council I'll summarize this with: I'm unsure. This feels like smacking a social problem with a hammer. I'm also afraid of power imbalance as Ivy have noted. I think we should refocus this effort into something else. Explained below. > ### Minimum number of sponsors I like this idea as a minimum amount of sponsorships. This could also help getting the new TUs up to speed with how things work. This could combine well with Jonathons suggestions of a "probation phase" (Which we have anyway since key signing takes *AGES*). This could also fit well with having co-maintainers? The sponsors should co-maintain the packages the applicant adopts from AUR? > ### Oversight committee I think we should refocus this effort into something simpler; clarifying package guidelines and actually make it easy for existing TUs to figure out *HOW* to package different ecosystems. This could also contribute to removing old habits. I have spent some hours upgrading out Go and Python guidelines to comfort to something we can understand, agree on and doesn't forward bad habits from old PKGBUILDs. A lot of knowledge is implicit, or just derived second-hand from people that are presumed to know things. What happens if those people disappear tomorrow? How is the committee suppose to define a `high-quality PKGBUILD` if we can't distinguish peoples strong subjective opinions from factualities. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU application: Maxim Baz
Yo! On Mon, Oct 29, 2018 at 01:16:46PM +0100, Maxim Baz via aur-general wrote: > My name is Maxim Baz, and with Morten Linderud (Foxboron) as my sponsor > (who I was referred to by Alad Wenter) I'm applying to become a Trusted User. I confirm my sponsorship of Maxim. Let the discussion period begin :) -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU Application - Konstantin Gizdov
On Sun, Oct 28, 2018 at 04:02:40PM -0400, Daniel M. Capella via aur-general wrote: > It's upsetting and embarrassing that the only staffer to stand against this > behavior directly in the ML is the applicant's sponsor. This disrespectful > behavior occurs all the time. Can we enforce our Code of Conduct or is it just > for show? It's frankly embarrassing that it has to go this far. Eli is avoiding the discussion on IRC and refuses to answer. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Critique my pkgbuild
On Wed, Oct 10, 2018 at 03:52:49PM +0200, Tinu Weber wrote: > On Wed, Oct 10, 2018 at 15:48:31 +0200, Morten Linderud via aur-general wrote: > > > makedepends=('make') > > > > `make` is present in `base-devel` thus shouldn't be a listed dependency. > > Unsure > > if its however worth listing it as it's the only needed build-time > > dependency? > > As it is a git package (and git is not in base-devel), I would argue > that at least 'git' should go in there. Woopsie. That completely escaped me :D -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Critique my pkgbuild
On Wed, Oct 10, 2018 at 01:34:25PM +, Ethan Rakoff wrote: > # Maintainer: Ethan Rakoff > > pkgname=threemawebqt Needs to have a -git suffix as it builds from a git source and is thus a VCS package. > pkgver=0.1 You need a pkgver() function as this is an VCS package. Since you don't have tags yet you should count the number of revisions. pkgver() { cd "$pkgname" printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" } https://wiki.archlinux.org/index.php/VCS_package_guidelines#Git > pkgrel=1 > pkgdesc="Thin client for Threema Web, the web client for Threema, an E2E > encrypted messaging app." > arch=('i686' 'x86_64') > url="https://github.com/ethanrakoff/${pkgname}; > license=('MIT') > depends=('qt5-base' 'qt5-webengine') > makedepends=('make') `make` is present in `base-devel` thus shouldn't be a listed dependency. Unsure if its however worth listing it as it's the only needed build-time dependency? > source=("git+${url}") I personally dislike the need to use variables just because they exist. This reads much better: source=("git+https://github.com/ethanrakoff/threemawebqt;) > md5sums=('SKIP') > > build() { > cd "${pkgname}/src" > > qmake > make > } > > package() { > cd "${srcdir}/${pkgname}/src" You omitted `$srcdir` from `build()` but added it here. This is mostly a style thing, but I'd just omit it all together. > make INSTALL_ROOT="${pkgdir}" install > > install -Dm644 icon.png "${pkgdir}/usr/share/icons/${pkgname}/icon.png" > install -Dm644 ../threemawebqt.desktop > "${pkgdir}/usr/share/applications/threemawebqt.desktop" > install -Dm644 ../LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" > } > -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Attempting to update upwork-beta, and hit a head-scratcher
I have removed the suspension. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] acroread package compromised
These where the compromised packages and their package versions: * acrored 9.5.5-8 * balz 1.20-3 * minergate 8.1-2 -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] PKGBUILD for Automatic Arch System Maintenance
On Sat, Jul 07, 2018 at 02:47:16PM -0400, Michael Dobachesky via aur-general wrote: > Hello everyone, > > I have been working on a package that automatically does Arch Linux system > maintenance tasks like updating, cleaning, error checking, etc. > It has really helped me out and I am hoping that it will help out others as > well. Well, "cleaning" is an understatement. It's frankly destructive. Repackaging other peoples scripts without understanding the content is just bad. https://gitlab.com/mgdobachesky/ArchSystemMaintenance/blob/master/maint-1.0.0/Scripts/rmjunk.py -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Delete spam comment/account from aur
On Thu, Jun 07, 2018 at 11:36:54AM +0200, Maxim Andersson via aur-general wrote: > Regarding this page > https://aur.archlinux.org/packages/aur-comment-fetcher-git/ > > Could the comment from 2018-06-06 (and maybe spammer-account?) please > be deleted. As a headsup. I removed the comment and deleted the user. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU resignation
On Thu, May 31, 2018 at 09:03:02AM +0200, Pierre Neidhardt via aur-general wrote: > > I've stopped using Arch ever since I've switched to GuixSD[1] (a > functional-oriented distribution focusing on reproducible builds and > completely custimizable in Guile Scheme) and it's now quite clear that > there will be no coming back. > > My involvement in this new project and in others (Emacs, Next > Browser[2]) takes a lot more time than what I can afford into > maintaining my Arch packages. Thanks for your work through the years :) > - qutebrowser > - udiskie > - fzf > - pdfjs (optional for qutebrowser) > - python-keyutils (required by udiskie) > - python-pypeg2 (require by qutebrowser) I have adopted these packages! -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Basilisk pkgbuild is facing a trademark violation?
On Sat, May 19, 2018 at 07:23:52PM +0200, Fabio Loli via aur-general wrote: > Mattatobin, of which you can read here > > https://github.com/jasperla/openbsd-wip/issues/86 > > Have made this (edited) comment in the AUR webpage asking for removal > > https://aur.archlinux.org/packages/basilisk > > You do realize this package is completely insane. I want you to > remove any remaining Basilisk branding and use of the name including > in the desktop file and this very package from AUR that you are > obviously squatting on. If he thinks the package should be deleted, he can submit a deletion request like everyone else. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Build packages without Arch on pkgbuild.com
On Sun, Apr 08, 2018 at 07:09:06PM +0530, Pierre Neidhardt wrote: > > Morten Linderudwrites: > > > What i have done now is to launch a second gpg-agent that only > > provides an -extra socket with no caching what so ever. > > I thought of something along those lines. Can you detail the commands > so that we can put that on the wiki? > Symlink gpg.conf and private-keys-v1.d into a new gnupg directory. Then just create a gpg-agent.conf along the lines of: extra-socket /home/fox/.gnupg-extra/S.gpg-agent.extra default-cache-ttl 0 max-cache-ttl 0 pinentry-program /usr/bin/pinentry-gtk-2 Then you just launch gpg-agent with the homedir set: gpg-agent --homedir .gnupg-extra --daemon Fix you ssh config to point at the new .extra socket. I'm honestly unsure why gpg-agent can't be launched into the same homedir twice. But I'm way too lazy to dig further into gnupg. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Build packages without Arch on pkgbuild.com
On Sun, Apr 08, 2018 at 06:09:27PM +0530, Pierre Neidhardt wrote: > > > Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can > > enable > > this only for connections to soyuz. > > But that's only for signing, so that won't do if I have subkeys used for > other purposes under the same master key, right? I realized that mistake shortly after. What i have done now is to launch a second gpg-agent that only provides an -extra socket with no caching what so ever. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Build packages without Arch on pkgbuild.com
On Sun, Apr 08, 2018 at 05:58:11PM +0530, Pierre Neidhardt via aur-general wrote: > > What's the best practice to disable password caching? Set the timeout > to zero? > > Does anyone know if it's possible to have have a zero-timeout when on > soyuz while having another timeout time locally? Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can enable this only for connections to soyuz. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] Build packages without Arch on pkgbuild.com
On Sat, Apr 07, 2018 at 11:53:08AM +0530, Pierre Neidhardt via aur-general wrote: > To perform the complete operation on soyuz, we need to forward the > gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP > / Web of Trust security model: for a person with root access to soyuz, > the private key is only one passphrase away. > Which is why I have been working on clave[1]. It helps in the cases where build artefacts are large and sorta useless to download after building. But it doesn't prevent the case where a malicious root user is capable of switching the files right after build, unless you do some additional verification after generating the signing request. Since it creates signatures with the new packet style, it won't be supported before pacman 5.1, and I plan on improving it a bit before that time. [1]: https://github.com/Foxboron/clave -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU Application - Robin Broda
On Wed, Mar 07, 2018 at 05:21:39PM -0500, Eli Schwartz via aur-general wrote: > On 03/07/2018 05:15 PM, Alad Wenter via aur-general wrote: > >> Eli Schwartz via aur-generalhat am 7. März > >> 2018 um 22:16 geschrieben: > >> > >> Discussion period is over, time to cast your votes, everyone! > >> > >> https://aur.archlinux.org/tu/?id=105 > >> > > I've cast my vote the moment I saw this email. Last time I didn't, I got an > > angry phone call from my email provider because his server crashed from the > > sheer amount of reminder mails. :P > > > > Alad > > Please tell them to email complai...@archlinux.org > You are mistaken. The mail has been deprecated in favor of /dev/n...@archlinux.org -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: [aur-general] TU Application - Robin Broda
On Fri, Mar 02, 2018 at 05:16:52PM +0100, Robin Broda via aur-general wrote: > Hello, > > I'm Robin 'coderobe' Broda, born in '99, and I'm writing to become a > Trusted User. > > [SNIP] Yo Robin! Super happy to see you applying for TU, and I appreciate the support you have been doing on IRC. However! I think it's too early. Most of the packages mentioned doesn't have many updoots and they have frankly been added barely a month ago to the AUR. I'd love to see more AUR packages from you, and maybe that you adopt some orphan packages from community. -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature