Re: [aur-general] Resignation as Trusted User
Em setembro 7, 2020 16:50 Santiago Torres-Arias escreveu: Thank you for all your work Giancarlo. I'm relieved to open this email and see that you are sticking around. I think you're a fundamental part of what keeps Arch not only going, but improving. I think I did the thing, and you are now a normal user in the AUR system. Thank you for your kind words sangy. I'm not going anywhere Arch related anytime soon. Just reconciling some stuff on my end. I was not feeling too good about myself not handling *any* AUR requests in a long, long time. Not even going to mention I barely did package reviews for TU candidates. So yeah, I think I did the right thing. Regards, Giancarlo Razzolini pgpAxg_s9cvZG.pgp Description: PGP signature
Re: [aur-general] Resignation as Trusted User
Em setembro 7, 2020 16:27 Giancarlo Razzolini via aur-general escreveu: Keeping TU rights just for voting isn't the right thing to do, so, I therefore step down as a TU. This is my *personal* opinion, I'm not professing, nor imposing any moral judgment on anyone doing precisely that. Just to clarify this. I'm not a TU anymore (my aurweb rights were already revoked), so I can say this from an outside perspective (joking). Regards, Giancarlo Razzolini pgp7Mbu8_6dyG.pgp Description: PGP signature
[aur-general] Resignation as Trusted User
Hi Guys, TL:DR, stepping down as TU, remaining as developer and devops. I have been dabbling with this for a while now, but I think it's time. I haven't been handling a lot of TU related stuff for a long time now (with exception to voting). Keeping TU rights just for voting isn't the right thing to do, so, I therefore step down as a TU. I'll keep working on mkinitcpio and on devops, and I will continue to be available to *everyone*. Please, one of you remove my TU permissions on aurweb. Thank you all. Regards, Giancarlo Razzolini pgp5HbyzRhsb5.pgp Description: PGP signature
Re: [aur-general] [arch-dev-public] AUR migration
Em julho 28, 2020 9:46 Filipe Laíns escreveu: On Mon, 2020-07-27 at 14:43 -1000, Gaetan Bisson via arch-dev-public wrote: [2020-07-27 21:10:23 -0300] Giancarlo Razzolini: > Em julho 27, 2020 21:03 Gaetan Bisson escreveu: > > It's quite unsettling that we seem to be rushing to write a news post > > while this very reasonable suggestion remains completely ignored. > > > > It wasn't ignored. They keys were deliberately changed in the process. Why? Baptiste rightly points out "it's the same service as before and (presumably) the host private keys were not compromised, so there is no reason to change keys." Yet his message remains unanswered... If one machine gets compromised the keys are also compromised. If we can just use different keys on each machine to mitigate this, why wouldn't we? I think the short term bothers of changing the key do not warrant at all compromising security like this. But your experience might be different, is there anything in specific you are worried about or find annoying? I have been trying to figure what would possibly justify this but I can't, please let me know. Baptiste's answer was presumably under the assumption that the full machine would be migrated, but he would have to confirm. On which case, his request would be perfectly reasonable IMO. > I think the issue you refer to happened on the orion -> gemini migration and You are correct. > I personally think that everything that runs as a service on Arch servers should > be properly tracked on ansible, even if it's a user service. That is certainly a worthy goal but it does not imply that we must kill everything that is not tracked by ansible at every migration. Copying home directories over to the new host used to be standard practice for any administrator of a system which serves multiple users... None of this happened, when it did hapen in soyuz everyone got properly notified and had plenty time to get their stuff out, on top of that, the system was backed up in case someone forgot. I don't understand what issue you are trying to get on here, Grazzolini already explained this did not happen. I agree with what you said, no machine should be killed without a proper handling of the user data, but what is the issue right now? Cheers, Filipe Laíns Guys, the news is out, the keys are changed. I've taken a look at the remaining migrations and I don't think ssh keys are going to be an issue, because all the services that depend on ssh keys are migrated already. The orion mail migration will hopefully use keycloak for authentication, so no need for users to login to the machine for setting up/changing passwords. Most things are separated and isolated now to their own VPS, so, if in the future we need to do these migrations, it's easier to use the same keys, or rely on the UpdateHostKeys functionality to be able to gracefully change host keys. Thank you all for the help. Regards, Giancarlo Razzolini pgp2KfsKCNm2R.pgp Description: PGP signature
Re: [aur-general] [arch-dev-public] AUR migration
Em julho 27, 2020 21:03 Gaetan Bisson escreveu: It's quite unsettling that we seem to be rushing to write a news post while this very reasonable suggestion remains completely ignored. It wasn't ignored. They keys were deliberately changed in the process. For future migrations I would greatly appreciate if not all on-disk data were thrown away. On top of SSH keys, there are home directories which contain not only user data but also in some cases things useful for the distro as a whole (such as the service I use to version iana-etc files). The AUR was running on luna, which still hosts git.archlinux.org (where a few projects still are) and lists.archlinux.org. No data was deleted from it, only the AUR database and uploads were copied to the new machine. I think the issue you refer to happened on the orion -> gemini migration and I personally think that everything that runs as a service on Arch servers should be properly tracked on ansible, even if it's a user service. Regards, Giancarlo Razzolini pgplaRV8oY48A.pgp Description: PGP signature
Re: [aur-general] AUR migration
Em julho 27, 2020 9:35 Henry-Joseph Audéoud escreveu: On 24/07/2020 21:24, Giancarlo Razzolini via aur-general wrote: The migration is almost done. Since we are moving to a new machine, it will have new host keys. They are: Ed25519: SHA256:RFzBCUItH9LZS0cKB5UE6ceAYhBD5C8GeOBip8Z11+4 ECDSA: SHA256:5s5cIyReIfNNVGRFdDbe3hdYiI5OelHGpw2rOUud3Q8 RSA: SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI You swapped the fingerprints of keys ECDSA and RSA. From my computer, I get that fingerprints (and Ricardo Band has the same for ECDSA): ED25519: SHA256:RFzBCUItH9LZS0cKB5UE6ceAYhBD5C8GeOBip8Z11+4 ECDSA:SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI RSA: SHA256:5s5cIyReIfNNVGRFdDbe3hdYiI5OelHGpw2rOUud3Q8 Yes, this is correct. The configuration is with the keys swapped. I'm going to fix it and also create a news post about this. Regards, Giancarlo Razzolini pgp3dZbQ8t2AQ.pgp Description: PGP signature
Re: [aur-general] AUR migration
Em julho 23, 2020 17:09 Giancarlo Razzolini via aur-general escreveu: Hi All, In continuing with the improvements being done to our infrastructure, we're planning to migrate the AUR to another machine. This means that, during the migration, there *will* be downtime of the whole AUR. I expect the migration to take around two hours and happen either tomorrow (Friday) or on Saturday, depending on availability. Regards, Giancarlo Razzolini The migration is almost done. Since we are moving to a new machine, it will have new host keys. They are: Ed25519: SHA256:RFzBCUItH9LZS0cKB5UE6ceAYhBD5C8GeOBip8Z11+4 ECDSA: SHA256:5s5cIyReIfNNVGRFdDbe3hdYiI5OelHGpw2rOUud3Q8 RSA: SHA256:uTa/0PndEgPZTf76e1DFqXKJEXKsn7m9ivhLQtzGOCI They are also be available on the home page when logged out. Regards, Giancarlo Razzolini pgpZ9BUBXtXIm.pgp Description: PGP signature
Re: [aur-general] AUR migration
Em julho 23, 2020 19:45 Sven-Hendrik Haase via aur-general escreveu: Thanks for taking the time! I hope there won't be any weird unforeseen problems. Sure. I wrote a checklist for the migration [0], to try to avoid issues. I could've missed soemthing, if you spot anything, please edit the page. [0] https://gitlab.archlinux.org/archlinux/infrastructure/-/wikis/migrations/aur pgpotfkOyIvBK.pgp Description: PGP signature
[aur-general] AUR migration
Hi All, In continuing with the improvements being done to our infrastructure, we're planning to migrate the AUR to another machine. This means that, during the migration, there *will* be downtime of the whole AUR. I expect the migration to take around two hours and happen either tomorrow (Friday) or on Saturday, depending on availability. Regards, Giancarlo Razzolini pgpkbRsNpQ8Mo.pgp Description: PGP signature
Re: [aur-general] TU application; freswa
Em maio 21, 2020 8:29 Giancarlo Razzolini via aur-general escreveu: The discussion period is over. Let's vote! https://aur.archlinux.org/tu/?id=121 The voting period is over and we have a result: Yes: 39 No: 3 Abstain: 9 Participation: 92.73% So, I guess it's official, welcome to the team! Regards, Giancarlo Razzolini pgpyzrdRCud66.pgp Description: PGP signature
Re: [aur-general] TU application; freswa
Em maio 17, 2020 11:40 Frederik Schwan via aur-general escreveu: On 17/05/2020 05.28, Robin Broda via aur-general wrote: On 5/17/20 5:06 AM, Frederik Schwan via aur-general wrote: Changes can be found here: https://github.com/freswa/aur/commit/c3778f6bda345f0165289f3a57d36047e6ba5934 Thank you for doing the review :) Time for the next round: Package: datagrip datagrip-jre Package: or-tools-java Package: pass-sshaskpass Package: pass-sshaskpass-git Package: tomighty Package: tpacpi-bat-git Package: unifi-beta Package: youtrack Fixed. https://github.com/freswa/aur/commit/6a1f6efae06f137b6d93f7f66973a6272766fe1d Thank you Frederik The discussion period is over. Let's vote! https://aur.archlinux.org/tu/?id=121 Regards, Giancarlo Razzolini pgpGGcNnzbvey.pgp Description: PGP signature
Re: [aur-general] TU application; freswa
Em maio 12, 2020 12:06 Giancarlo Razzolini via aur-general escreveu: Em maio 7, 2020 2:50 Sven-Hendrik Haase via aur-general escreveu: Discussion period shall last until 2020-05-12. This is just a reminder that today is the last day for discussion on this application. Tomorrow I'll create a vote on the AUR. Correction: Both me and Sven were wrong on the time for discussion period. It will end on 2020-05-20, as the addition of a new TU requires a 14 day period discussion. Carry on. Regards, Giancarlo Razzolini pgpj2Auq2meG4.pgp Description: PGP signature
Re: [aur-general] TU application; freswa
Em maio 7, 2020 2:50 Sven-Hendrik Haase via aur-general escreveu: Discussion period shall last until 2020-05-12. This is just a reminder that today is the last day for discussion on this application. Tomorrow I'll create a vote on the AUR. Regards, Giancarlo Razzolini pgpiuVSJwMXCN.pgp Description: PGP signature
Re: [aur-general] TU application; freswa
Em maio 6, 2020 18:19 Frederik Schwan via aur-general escreveu: Hi everyone, my name is Frederik aka freswa and I'm applying to become a Trusted User with svenstaro's and grazzolini's sponsorship. I started using Linux around 2004 with some live images of Ubuntu. In 2010, Debian became my main OS. Only a year later I switched to Arch after I screwed up Debian/sid while hunting for the latest kernel. I'm interested in DevOps topics, mail server, C, Rust, Go and newer JVM languages such as Kotlin. Thanks to svenstaro I've been a bug wrangler since February. You mostly hear from me when I assign bugs to the wrong people from time to time :P OS contributions: - working on the dovecot-xaps code, providing native Mail.app Apple Push for iOS devices - maintaining and writing PKGBUILDs for the AUR - bug reporting and fixing for several projects My AUR packages got reviewed recently by eschwartz, svenstaro and alad - thanks :) If I become a TU, I'd like to focus on the bug tracker until we have a better solution. I'd also like to help out bug fixing when maintainers are busy, away or on vacation. Packages which I would like to move to [Community], some of which are not mine: docker-credential-pass i3status-rust intel-undervolt ispin mysqltuner pdfposter pinentry-rofi protobuf-go sha3sum spin talosctl thermald unifi woeusb I'm aware though that some of these packages do not meet the criteria of 10 votes yet. I'll reevaluate whether they meet this criteria from time to time. I'd also like to go on helping Eli with maintenance of zfs-dkms and zfs-utils in the AUR. In case JetBrains is okay with us packaging their IDE's, I'd also maintain them. But so far all requests I found resulted in a negative response from JB. I am looking forward to working with you! Frederik I confirm the sponsorship of Frederik. I see the discussion already started though but, I'd suggest you guys wait until Sven also confirms. Regards, Giancarlo Razzolini pgpmVAdzQKbD0.pgp Description: PGP signature
Re: [aur-general] Dropping official gitlab packages
Em dezembro 25, 2019 19:36 Karol Babioch via aur-general escreveu: Announcing this on main site as dedicated news entry is probably overkill? At least it would get some attention and potentially some new maintainer could be found this way ;-)? Not sure how many people are using those packages, but this is seriously disruptive. Anyone running on this, would probably appreciate to be aware of the situation ... I think Sven should have used the arch-dev-public mail list, but it does not change the fact the current packages are hard to maintain and if no other developer or trusted user wants to pick it up, it will be dropped. Now, dropping does not mean deleting, they'll be moved to the AUR by Sven and subsequently orphaned, precisely to allow interested parties to pick it up and maintain it. News items are for things that require user attention and/or manual intervention. The gitlab package will continue working after it gets dropped, just won't be updated anymore until someone wishes to maintain it on the AUR. Regards, Giancarlo Razzolini pgptVN7cKYC6a.pgp Description: PGP signature
Re: [aur-general] [PRQ#16499] Deletion Request for aur-git
Em outubro 30, 2019 17:38 Alberto Salvia Novella via aur-general escreveu: AUR: Alad deleted aur-git: Why are you submitting this again after agreeing that a name change is in order? That was the original package which was there before the discussion, and only one day has passed. I haven't had time that fast for thinking a new name and requesting a change, which I was planning to do this very week. I suggest that you make standard in Arch waiting a couple of days for feedback before making unilateral decisions. Today we had a discussion and we have decided to blacklist the aur (and -git) namespace, as well as, preemptive, blacklist aurweb and it's -git counterpart. The reason being it might lead to user confusion, one because it's the name of the actual repository, and the other being the name of the actual project. That goes without saying that there's a blacklist of packages that already are on the official repositories. Regards, Giancarlo Razzolini pgpV30JRFk1mq.pgp Description: PGP signature
Re: [aur-general] aur client
Em outubro 29, 2019 18:35 Eli Schwartz escreveu: Makes sense, we have the functionality so we might as well use it. The question is what criteria to use. :/ I guess that starting with names that might sound "official" like AUR, is a good starting point. Also, having a way to query/edit that list in a better fashion than directly manipulating the DB will certainly make it more appealing. Regards, Giancarlo Razzolini pgpPRnPgdiWFx.pgp Description: PGP signature
Re: [aur-general] aur client
Em outubro 29, 2019 14:09 Eli Schwartz via aur-general escreveu: Correction: there is "a blacklist", but it's only used to prevent namespace conflicts for users who attempt to upload packages named the same pkgname as a package in the binary repos. It is correct to say we have never attempted to blacklist names which "shouldn't be allowed to exist as packages because $person dislikes the name". "aur" isn't inherently a bad name, I could conceive of it being the name for a package which installs the aur.archlinux.org software, though "aurweb" would be an even better name. ;) Indeed, a there are two blacklists, one that blacklists repo packages, so they are not uploaded to the AUR. That one is updated automatically. There's a second blacklist, but that one has no way to update, other than through the DB, hence my confusion. I think we should probably start adding a few packages to that list. Regards, Giancarlo Razzolini pgpky0H51YAfH.pgp Description: PGP signature
Re: [aur-general] aur client
Em outubro 29, 2019 12:55 Loui Chang escreveu: Please rename your project to avoid confusion. I'm surprised that the name wasn't already blacklisted. I would hope some TU does add 'aur' to the blacklist of package names. There is no "blacklist". Having said that, I don't think that name is good at all. Regards, Giancarlo Razzolini pgpqbLEv__n3Y.pgp Description: PGP signature
Re: [aur-general] TU removal: Ray Rashif
Em outubro 20, 2019 14:19 Ray Rashif via aur-general escreveu: Sorry folks, I should have probably sent in a resignation for this. I have also made unfulfilled promises as a developer and never sent in an inactivity declaration in the hopes of getting back to Arch/Linux once I have a new computer. As funny as it sounds my undeclared inactivity is as long as this current machine ~3-4 years and a purchase has been pending since last year but keeps getting down-prioritized due to $$ requirements elsewhere in RL. Hi Ray, Sorry to hear that. Can you also clarify your status as a developer? It is not clear from this email what is it. Regards, Giancarlo Razzolini pgprbLozGukpb.pgp Description: PGP signature
Re: [aur-general] TU removal: Ray Rashif
Em outubro 8, 2019 9:35 David Runge escreveu: The voting procedure will commence after seven days of discussion period, in which Ray can state his case. I believe that the discussion period for removal by inactivity is 3 days, not 7. The voting period is 5 days. Other than that, the current proposal is 119, but it has not ended yet. If, during the discussion period, Ray ends up voting on that one, we'll have to stop this process. Regards, Giancarlo Razzolini pgpVf039owP1O.pgp Description: PGP signature
Re: [aur-general] [arch-dev-public] Retiring as a Trusted User
Em outubro 2, 2019 6:10 Florian Pritz via arch-dev-public escreveu: Hi, I no longer have the time necessary to properly handle actual TU duties so I am retiring my TU hat. I will still continue maintaining some packages I have in [community] via my developer hat. That said, I'd like to orphan some of them too. If anyone is interested in taking over one of these packages (and its dependencies), please feel free to adopt it and tell me so that I can orphan it. asciidoc filezilla libfilezilla gcolor2 gmrun obconf openbox openshot libopenshot libopenshot-audio pydf slock tipp10 vimpager xplc zim Florian Hi, Can you also send a signed email? Regards, Giancarlo Razzolini pgpS0XUge6X0r.pgp Description: PGP signature
Re: [aur-general] TU application: kpcyrd
Levente Polyak via aur-general writes: I'm hereby confirming my sponsorship. kpcyrd is a friend of mine in both, cyber- and meatspace. He is a very kind person and I like his way of thinking. His technical skills would be a great benefit for the TU community. Even though I'm not one of kpcyrd sponsors, I can vouch for him as well. Given that I've worked with him in the past. He's a very nice person to work with and quite technically skilled. Regards, Giancarlo Razzolini pgpfV42IlocC0.pgp Description: PGP signature
Re: [aur-general] TU membership application
Em setembro 4, 2019 9:54 Alexander Rødseth via aur-general escreveu: I did agree to sponsor the TU application of Jean Lucas, provided he found another sponsor, but was not aware that he had sent his application without any mentoring on my part. Well, I think it should be the other way around, you first mentor someone and look with them into their packages and then decided about sponsorship. I am not in favor of how the TU application process turned out, nor the idea of moving proprietary software packages to [community], but I'll stand by my word and sponsor him if there is another sponsor. Sergej already confirmed sponsorship. But it seems neither of you actually mentored the applicant. In general, we need more TUs and Devs and I think we should have a process that feels less judgemental on the applicants (ref. the application from Drew DeVault that sadly did not join us as a TU). While I agree that we should have a more on point discussion with less bikeshedding regarding other stuff, I don't think that simply foregoing the discussion period is the way to go. If someone dislikes a TU application, it's easy to vote "no" in the vote that follows. That's not how this should be faced. Ideally all the applications should have two sponsors that are actively mentoring the applicant and are vested into their success. If we had that, applications would be voted "yes". ps: I'm not making any judgment on the applicant here. I've talked with him privately regarding this application process. While he failed to disclose that he had asked another TU before, I don't think it was in bad faith. Regards, Giancarlo Razzolini pgp5E50PKzsYr.pgp Description: PGP signature
Re: [aur-general] Spam account (crack4sure)
Em agosto 28, 2019 12:15 Ralf Mardorf escreveu: Your "signed" mail is "incorrect formatted". Your message has got no body, see https://lists.archlinux.org/pipermail/aur-general/2019-August/035340.html . A TU can find the account, since you mentioned it by the subject. However, you risk to end up quasi accidentally in the spam filters of our MUA's ;). Well, some TU already found it and suspended it already, so all good (with the exception of the malformed email) Regards, Giancarlo Razzolini pgphySaoA2gVH.pgp Description: PGP signature
Re: [aur-general] TU membership application
Em agosto 20, 2019 13:16 Jean Lucas via aur-general escreveu: Hi Bert, and thank you! My (latest) key can be found at https://keys.openpgp.org/search?q=jean%404ray.co and https://pool.sks-keyservers.net/pks/lookup?search=jean%404ray.co=on=vindex (as well as the servers SKS Keyservers gossips with). On SKS Keyservers, I had originally submitted 2 keys in 2015, and they've both since been revoked. So my latest, active key has fingerprint 553C C0A1 134A 2E77 145B E12D 7416 2644 B297 6F6C, as posted on my AUR profile at https://aur.archlinux.org/account/flacks/. Hi Jean, Can you as your second sponsor to reply to this thread so we can start the discussion period? Ideally, Alexander should also sign his email, like Sergej did. Our bylaws unfortunately do not mention this, neither does our wiki. Regards, Giancarlo Razzolini pgpGexMuoxU2c.pgp Description: PGP signature
Re: [aur-general] TU membership application
Em agosto 19, 2019 9:05 Sergej Pupykin escreveu: I have nothing against this application. I use parsedmarc package (slightly modified for my needs) which maintained by Jean. Having nothing against is not the same as actively sponsoring it. All this discussion is kind of pointless until we hear from both sponsors telling us they actively sponsor Jean's application. Then the discussion period can begin. Regards, Giancarlo Razzolini pgpGE6wYuDNv9.pgp Description: PGP signature
Re: [aur-general] Account
Em junho 13, 2019 14:50 Radislav Golubtsov via aur-general escreveu: Robin (and other TUs), I vote for Goncalo AUR account will get unsuspended (if not yet). Sorry for this akin petition mail but personally I don't know Goncalo. I simply have read all the threads regarding his account suspension and I know the reason it was. Reading just the threads is not enough to understand the grounds for suspension. Comments and also AUR requests weighed in on this. But some time has gone and something changed... -- We are all sometimes doing strange things. As a heavy addicted Arch user I also ask you to unsuspend his AUR account and let maintainer do his job on a normal manner. Thanks in advance. Having said that, and not being involved at all with his suspension, I vote for us to lift it. I guess it goes without saying that the behavior that triggered the suspension in the first place will not be tolerated. Regards, Giancarlo Razzolini pgp7tKwOeKjro.pgp Description: PGP signature
Re: [aur-general] Are AUR VCS packages that depend on AUR VCS packages from other projects a good idea and who should decide on that ?
Em maio 7, 2019 14:00 Lone_Wolf escreveu: It seems I overreacted and hijacked my own thread. I also made several mistakes and may have (unintentionally) offended people. I apoligise to all posters in & readers of this thread. There are decisions that need to be made, but I'm the one that needs to make them , not TUs. I do need to do some serious thinking and will keep radiosilence during the thinking. Some unfinished business : Robin, you do have a valid point about lone_wolf-* not being good package names. If my creativity is not enough to chose good names, I should ask help with picking names instead of choosing bad ones. The question this thread started with is still valid Are AUR VCS packages that depend on AUR VCS packages from other projects a good idea and who should decide on that ? This thread went way beyond what it should have gone. This is the AUR we're talking about. I'm not saying we should accept any crap on the AUR, but, I'm talking from my own experience here, we don't always anticipate what will be useful or not to people. I have several packages I've put on the AUR that, even though I've followed the guidelines, I didn't expect them to be of any use to other people. And yet, they did. On the other hand, I have uploaded packages that I expected to be of use, and they turned out to not be that useful. Unless we have a way to enforce the guidelines properly, I say that we should not bikeshed this much over AUR submissions. We have a lot of crap on AUR, yes. We have a lot of submissions that are useful to only one person, yes. We have packages that are not even for the architecture we support, yes. So, let's not dabble over a package that's not even the worse we have on the AUR *right now*. Regards, Gincarlo Razzolini pgpHVXQYixXou.pgp Description: PGP signature
Re: [aur-general] Trusted user application: Drew DeVault
Em fevereiro 27, 2019 10:53 Drew DeVault via aur-general escreveu: On 2019-02-26 11:37 PM, Brett Cornwall via aur-general wrote: I would also chip in with the following from early 2017: https://github.com/swaywm/sway/issues/1227 (I am also not in any sort of witch hunt, just thought this would be relevant.) It should go without saying that I regret what I said here as well. I was going some stressful financial problems when those comments were written. Doesn't excuse anything, and I'm sure we could find examples of my jerkitude that I can't say the same for. Instead I'd like to ask this: if I'm to be damned by my past behaviors, is there a path to redemption? Is there any criteria we could establish for demonstrating good behavior? Or, would I have to live with a forever vague sense of unease among the voters? Not to say that the unease isn't justified - it may in fact by the right answer to reject applications based on that unease. If any concerned can think of more tangible criteria, though, it would make it easier for me to dispell your concerns or give me some personal development goals to meet. I don't think that's needed, you have proven so far that you can handle criticism, which is a good indicative. As I said, I was just surprised. You never know, sometime you might get someone on a bad mood or something like that. I stand by what I said though, that everything should be taken into consideration. Including past behavior and present, which doesn't mean to focus on the bad stuff, or just wash it away with good stuff. After all, we're all a sum of all that, good or bad. I appreciate that your sponsors are also backing you up in this, not just technically. Thanks and I wish you luck. Regards, Giancarlo Razzolini pgp8FCZAVasBq.pgp Description: PGP signature
Re: [aur-general] Trusted user application: Drew DeVault
Em fevereiro 27, 2019 3:56 Eli Schwartz via aur-general escreveu: If the only thing we can find to complain about is his attitude towards Manjaro, then we obviously cannot find anything to complain about. :) I was surprised by this attitude since all my interactions with Drew in the past were quite friendly. Most (all?) were on IRC. I don't recall him being this aggressive on IRC. Having said that, I don't think we should ever treat anyone like this, regardless of distro. I have very little to say on the AUR packages that has not been said, but those interactions with users are something we need to also take in consideration. Regards, Giancarlo Razzolini pgp4X5r5V6QrH.pgp Description: PGP signature
Re: [aur-general] [PATCH][tu-bylaws]: raise threshold of sponsors to two
Em janeiro 8, 2019 0:23 Santiago Torres via aur-general escreveu: - Have two TUs review the applicants PKBUILDs - Have two TUs actually decide to support this canididate I'm fine with the patch, but these two lines are ambiguous. Are the TUs that are going to review the PKGBUILD's the same as the sponsors? Also, if we are heading this direction of having a different set, other than the sponsors, of TUs requiring to review the PKGBUILD's, shouldn't this also be added to the bylaws? Regards, Giancarlo Razzolini pgpMljxvL_dmc.pgp Description: PGP signature
Re: [aur-general] General PKGBUILD and Instalation help.
Em dezembro 25, 2018 21:52 hagar escreveu: It is about the combination of both Whatever that means. I am only building using makechrootpkg -c That's fine, if your package is well defined I have built other packages which use wine - no problem Use wine where? But this package is using wine in the package() phase while the others did not, and falling over. If wine is in your depends=() array, it shouldn't be a problem. I was wondering if I had missed something? Without a log, it's hard to know. Try building with multilib-build instead of plain mkchrootpkg. I'm assuming this is a multilib package. If not, you can build with extra-x86_64-build. Both these commands run namcap for each stage. You can send those plus your PKGBUILD and then we can start helping you. Without those, we're just guessing now. Regards, Giancarlo Razzolini pgpEMcmUuKKpY.pgp Description: PGP signature
Re: [aur-general] TU application: Daurnimator
Em dezembro 17, 2018 5:23 Bartłomiej Piotrowski via aur-general escreveu: I fail to understand how discussion got where it is now. Is sponsorship process about packaging quality and candidate in general or pushing some agenda through projects that applicant is helping with? I don't believe I have to say this, but we should probably write somewhere how the applicant will be evaluated. Because asking the applicant about something they don't really have control over is ridiculous, to say the least. I know we have this [0], but it is not enough. Are we going to start asking applicants questions not related to packaging and arch? Then at least lets make sure they can prepare for it. Or, preferably, can we please focus on packaging? Regards, Giancarlo Razzolini [0] https://wiki.archlinux.org/index.php/Trusted_Users#How_do_I_become_a_TU? pgpxNdjHvrO2v.pgp Description: PGP signature
Re: [aur-general] About bullying in our community
Em outubro 31, 2018 7:03 Markus Schaaf via aur-general escreveu: I don't want to impute bad intentions to you, but this behavioural pattern might be a root of the problem. This isn't a technical discussion. It's about social interactions and emotions. You can't just weigh facts and find /the/ truth. It's widely believed that the best we have come up with, to reach consensus in large communities, is voting. An equivalent on a mailing list would be to show support through iterating a position in one's own words. What you have written above is like trying to cut off a protest march on the grounds that the first 20 protesters already made their point clear, so there would be no reason for the next 2000 to reiterate it again. This is a mail list with a specific purpose. I don't think equating this with a protest is accurate. This thread might make some people feel uncomfortable. But rightly so. This is not only about some TUs employing a harsh and repellent style of communication. This is also about the community of TUs letting this happen for years. I'm not uncomfortable with this *thread*. But there was no progress in the discussion. Only ḿore piling on and ranting. I don't. What makes you so confident? I do believe in man's ability to change. But this often needs a bit of pressure. What was happening on this thread was not pressure, was ranting and rumbling. And public ranting and rumbling achieves no goal, at all. Except more ranting and rumbling. I'm confident for reasons that do not need to be exposed on the list. (Don't forget that moderation means to arbitrate, not to censor.) The list is now in emergency moderation. Regard, Giancarlo Razzolini pgpPpL5RQy6oo.pgp Description: PGP signature
Re: [aur-general] About bullying in our community (Was: TU Application)
Em outubro 30, 2018 16:07 Ralf Mardorf escreveu: Apparently this TU has got special rights. That he could behave like this again and again does strengthen him to continue doing it. This thread has lived much longer than it's purpose. Let's stop this right now. I'm placing this list into emergency moderation if this continues. I'm confident all the parties understood what happened by now and how to avoid this in the future. Thanks to all, Giancarlo Razzolini pgpQQwIn3OFxE.pgp Description: PGP signature
Re: [aur-general] TU application -- Santiago Torres-Arias
Em julho 22, 2018 16:35 Santiago Torres-Arias via aur-general escreveu: - Orphaned packages (I'm a regular user of these): - giblib (currently on extra) - python-pylint (currently on extra) - uthash - znc - cvf - netctl (?! currently on core, so I suspect I can't maintain this one) - python-opencl/pyopencl-headers - I'd love to co-maintain some packages that have a packager right now**: - radare-cutter - hub - rtl-sdr - maven - I intend to move the following packages from the AUR: - reprotest - git-latexdiff - python-rstr - python2-grip - inxi - plex-fonts Needless to say, I'm open to discussion on this list. I can extend it with any suggested packages, or discard any packages that aren't deemed popular enough. On a less technical, serious note, I love playing guitar! I have a band and we play progressive, shoegaze, and math-rock. I also like cycling, and reading on pretty much anything. I'm a Rust fanboy and I'm re-learning Verilog, as I'm hoping to play around with the RISC-V ISA and emulate TPM's and other trusted hardware designs. Hi Sangy, Glad to hear you finally applied to become a TU. Creepy stuff with the confirmation from shibumi coming before your application. I have adopted znc, because I didn't knew it was orphan. I have now officially made a calendar entry to look at orphans monthly. I'm glad to have you co-maintaining, if you get elected, however. I'm a hardcore user of znc as well. Good luck, Giancarlo Razzolini pgpPy31LiOsLv.pgp Description: PGP signature
Re: [aur-general] acroread package compromised
Em julho 9, 2018 11:53 Ben Oliver via aur-general escreveu: Agreed. It's important to understand what the AUR is and how it works before using it. Yes. Which is why we have warnings everywhere. Without this, a helper is simply granting anyone permission to run scripts on your computer. Wildly exaggerated. A good helper will inform the user. It should be up to the user ultimately to check things, helper or not. If you are at all surprised by this takeover, then defintely start reading the wiki: https://wiki.archlinux.org/index.php/Arch_User_Repository https://wiki.archlinux.org/index.php/PKGBUILD Look my email address domain portion. Regards, Giancarlo Razzolini pgpyPiIGG1Tey.pgp Description: PGP signature
Re: [aur-general] acroread package compromised
Em julho 9, 2018 5:06 Bennett Piater escreveu: Looks to me like this is more of a warning than anything else, no? Why would he create those files otherwise, given how much attention that would attract? Hi Bennet, This would be a warning for what exactly? That orphaned packages can be adopted by anyone? That we have a big bold disclaimer on the front page of the AUR clearly stating that you should use any content at your own risk? This thread is attracting way more attention than warranted. I'm surprised that this type of silly package takeover and malware introduction doesn't happen more often. This is why we insist users always download the PKGBUILD from the AUR, inspect it and build it themselves. Helpers that do everything automatically and users that don't pay attention, *will* have issues. You should use helpers even more so at your risk than the AUR itself. Regards, Giancarlo Razzolini pgpeI2HcVOxYK.pgp Description: PGP signature
Re: [aur-general] TU resignation
Em maio 31, 2018 4:03 Pierre Neidhardt via aur-general escreveu: I've stopped using Arch ever since I've switched to GuixSD[1] (a functional-oriented distribution focusing on reproducible builds and completely custimizable in Guile Scheme) and it's now quite clear that there will be no coming back. Hi Pierre, Thanks for your work on Arch. And good luck with this new project. - xss-lock I would adopt this, since I use it. Regards, Giancarlo Razzolini pgpvxxEmtG01Z.pgp Description: PGP signature
Re: [aur-general] TU (re-)Application
Em fevereiro 9, 2018 13:29 Alad Wenter via aur-general escreveu: It seems we have no clause in the TU Bylaws [1] on what to do if a Fellow wants to resume his position as TU. That said, I doubt any of us would object when we consider your email as the "application" and simply start the vote after the usual discussion period (1 week) has ended. Best, Alad [1] https://aur.archlinux.org/trusted-user/TUbylaws.html I'm not sure if, in this case, he would need a sponsor or not. I don't think we need to amend the bylaws to add this special case for a returning TU, but I do think the standard procedure should be followed. Regards, Giancarlo Razzolini pgpcsRZbjxxMp.pgp Description: PGP signature
Re: [aur-general] Special Removal of an Inactive TU: speps
Em janeiro 12, 2018 17:14 NicoHood escreveu: Just to be sure: YES = Delete NO = Keep Correct? We had this discussion and more on the IRC channel. But you're correct on your assumption, YES mean TU removal. No, to keep them. Regards, Giancarlo Razzolini pgpwr6O5WbOqt.pgp Description: PGP signature
Re: [aur-general] Wrong email address in AUR signup
Em dezembro 28, 2017 11:53 Curi0 via aur-general escreveu: Hi I used zcq...@gmail.com instead of zkq...@gmail.com username name is Curi0. I have fixed your account. Regards, Giancarlo Razzolini pgpFJdF5LXIQU.pgp Description: PGP signature
Re: [aur-general] Advice needed maintaining boost-compute
Em novembro 11, 2016 15:14 Julien JPK escreveu: On 11/11/16 16:45, Doug Newgard wrote: Alright so now I'm really lost. I'm certain I built and installed the package successfully before sending the new PKGBUILD, and now that I try again, I do get the errors. I must have forgotten something when I tried the first time. So basically since that's not an option anymore, I'm guessing the package is no longer of any use separately. Packages re-use the building directory. This is were building in a clean chroot comes in handy. At minimum, use makepkg's -C option. To be honest I was just picking packages I was interested in, with the idea of maintaining them on a longer term should it become necessary. I understand that the packages I've chosen so far are not tremendously active, I just thought these simple update tasks would be a good place to start after the wiki. I guess that was yet another mistake... Nothing wrong on maintaining the occasional package. I'm not quite sure where you're going with this. While I'm not actually a yaourt user, I thought it would be a good way to "confirm" that the update had gone through and the updated package was indeed available. Now I'm guessing my 3rd mistake is hidden somewhere in there. Thank you for your answers, and sorry for the disturbance. Turns out I just hadn't been thorough enough in my work. Using a helper to confirm if a PKGBUILD is "ok" is so bad of a practice that I don't even know where to begin. Use the tools for the job, makepkg and, devtools. Let the helpers to deal with it. It's their job to make sure your package installs (provided you follow best practices). Cheers, Giancarlo Razzolini
Re: [aur-general] Trusted User Application: Giancarlo Razzolini
Em novembro 10, 2016 7:07 Johannes Löthberg via aur-general escreveu: Heh, seems Jelle inconveniently went on vacation just before it ended, so on behalf of Jelle: Congrats grazzolini, you've been accepted! Yes: 20 No: 6 Abstain: 6 Please continue by following the TODO for new Trusted Users[0]. [0] https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines Hi all, I was aware Jelle went on vacation, which is why I was ok waiting for him to come back. As someone mentioned on IRC, TU's are humans too. Anyway, I want to thank you all for this opportunity. I will start on the TODO right now. Cheers, Giancarlo Razzolini pgpTtkOiRZFGJ.pgp Description: PGP signature
Re: [aur-general] Trusted User Application: Giancarlo Razzolini
Em outubro 23, 2016 22:17 Levente Polyak escreveu: On 10/24/2016 01:32 AM, Giancarlo Razzolini via aur-general wrote: Well I actually don't planned to jump in again on this topic... but if you fully agree on all that, then it pretty much boils down to the fact that you definitively want to get rid of userdel. I'm quite convinced that's explicitly a part of what Florian tried to explain as that is something that would require adjustment before moving ;-) Yes, I understood this. I already changed the package in question and I am testing it as I type this. But, as I said, I don't plan on moving it to community for now, if I become a TU. I know that TU's and dev's are not only expected, but required, to push the envelope on PKGBUILD quality. And I plan on be a part of it, regardless of anything else. Cheers, Giancarlo Razzolini pgpK0DLUWH1L6.pgp Description: PGP signature
Re: [aur-general] Trusted User Application: Giancarlo Razzolini
Em outubro 22, 2016 13:17 Florian Pritz via aur-general escreveu: I feel like the goal should be that every AUR package is in a state that allows it to be simply moved to community without requiring any changes. Sadly, most of the time I want to move stuff I have to invest a couple of hours/days into making sure it builds properly and follows our (implicit?) standards. Like keeping users after removal, not including tons of patches, using split packages only when necessary or depending on all dependencies. It appears many people still build with plain makepkg and without build chroots. I agree with all this. I have been using the devtools for a while now. Not only I use a clean chroot build, but I have developed a testing procedure where I test the packages on both VM's and on bare metal machines, before pushing them to the AUR. Not only that, but I invest some effort into making sure I got the right upstream sources. I have a multi ISP/VPN/TOR download tool that I plan on polishing and releasing that automates in part the retrieval of the sources (also making sure you have the right one). Also please keep in mind that AUR packages are influenced by each other. If you have one package doing things a certain way and you only clean them up when necessary, you'll have to clean them up every time. If people get used to the way we want packages, moving could be much simpler and every package you improve is a step in the right direction. This experience, even if I don't get in, has been much fruitful. I will continue helping either way, whenever I can. Cheers, Giancarlo Razzolini pgpCrgqWtMIDA.pgp Description: PGP signature
Re: [aur-general] Trusted User Application: Giancarlo Razzolini
Em outubro 21, 2016 10:10 Levente Polyak escreveu: Well I don't see why it shouldn't be but as long as it's the AUR most likely that won't be enforce anyway as there isn't even proper UID GID registry. But any package in the repo must not delete user and group accounts, that's what that TODO list was all about. I don't see why this will change anytime soon so please keep that rule in mind :) I don't plan on bringing memlockd to community, if I become a TU. I made it's package because I'm working on porting TAILS memory erasure process to archlinux. And they use memlockd. If I ever manage to port it, then we will see. Cheers, Giancarlo Razzolini pgpOWhv2iADdh.pgp Description: PGP signature
Re: [aur-general] Trusted User Application: Giancarlo Razzolini
Em outubro 20, 2016 17:36 Levente Polyak escreveu: Hi Giancarlo, Well I don't see reason to have a checksum for that one, its contained within the source (PKGBUILD) and not downloaded from a remote. It either comes through git or via a pkg-src tarball. The PKGBUILD itself (that contains that checksum) comes through the very same way and also runs code itself. Indeed. I removed all .install files from the source array of my packages. I would say: just leave it around. In fact we had a big TODO list [0] cleaning up all the userdel from all packages in the whole repos (not the AUR). It doesn't hurt much and in fact if it ever creates some files (now or in the future) you definitively don't want to wipe them and definitively don't want to delete the user-name associated with the UID of those files. I kept the userdel for now. But I will follow how this develops. cool. that's especially important to get some attention onto it when you consider moving such to the repo ;) I just updated the uscpi-tcp package and all the others with the suggested improvements. As for my own packages, I removed their .install files for now. I agree it is not the proper place for documentation. Some of them already have wiki entries documenting their install process. Some do not. I will probably move that text to a proper file in /usr/share/doc and will also improve their documentation on the github. Cheers, Giancarlo Razzolini pgpzEXO8_XYT2.pgp Description: PGP signature
Re: [aur-general] Trusted User Application: Giancarlo Razzolini
Em outubro 20, 2016 15:39 Levente Polyak escreveu: Hi Giancarlo, thanks for your application and jelle for sponsoring. As always I want to give my 2 cents to your PKGBUILDs so you could improve certain points before the voting period starts. Please don't be scared! :) cheers, Levente PS: some of the blocks are copy-paste, its just lot easier this way :] Hi Levante, I always appreciate input. Jelle did already provide some, and I have hunt down all the namcap issues I found. Since there is a lot of copy and paste, I'll reply in the same manner, condensing where possible. *: - I am aware that the .install file does not need to be on the sources. But If I am not mistaken, if it is not on the sources array, it also does not have it's checksum validated. Since most of those .install files run code, I have always put them on the sources array. I am open to suggestions though. - I will correct any usage of $pkgdir and $srcdir without quotes on them. - I fixed the download target of some packages, specially because of the github versioning. But it makes sense to fix all of them to do the same. - Main vs. VCS provides/conflicts: Will fix them to not have those. chkboot: - the chkboot-git conflict was because the package was named chkboot-git before. I can safely remove that. memlockd: - I was in doubt regarding the user deletion. In this specific instance that dir is the user home dir. I don't think it does create any files there though. Do you have any recommendation on how to tackle this one? I don't want to leave just an empty dir as leftover of the package uninstall. ucspi-tcp: - I took over that package on the migration of the AUR3 to the AUR4 and, since there weren't new releases of that software since then, I didn't pay much attention to it. Will apply the suggestions. I plan to do these corrections as soon as possible (possibly still today, tomorrow at max). Thanks for the input, Giancarlo Razzolini pgpEi23piR2jJ.pgp Description: PGP signature
[aur-general] Trusted User Application: Giancarlo Razzolini
Hi All, My name is Giancarlo Razzolini (grazzolini) and I would like to become a TU. Before anything, I want to thank Jelle van der Waa for agreeing to become my sponsor. I'm 33 years old. I am a developer and infrastructure manager at my own company. I have been using Linux since 1999. Despite my name, I am not Italian, but I'm Brazilian (of Italian descent). My first experience with Linux was with Conectiva Linux, but soon I moved to Slackware, where I stayed for many years. For work reasons, I ended up using Ubuntu for some years. In 2013 I moved to Arch, and it was love at first sight. Or better, at first use. Right from the beginning I started to contribute, first helping out with the wiki. Later, when I found out about the simplicity of creating and maintaining packages, I started to put some on the AUR. Also, I adapted some tools I had developed for Ubuntu initramfs system, to Arch. Also, I created new ones. Most of them are related with remote unlocking of an encrypted root partition, so lots of early userspace networking. I am also very active on IRC. Recently I also subscribed as a tester, and I do give signoff's to the packages I am able to test. If I become a TU, I would like to bring some of the packages I maintain on the AUR[0] to community, specially: keepass-plugin-keeagent tinyssh (co-maintained) ucspi-tcp I would also like to bring some of my own project's packages, specially: mkinitcpio-netconf[1] mkinitcpio-dropbear[2] mkinitcpio-tinyssh[3] mkinitcpio-utils[4] I am willing to adopt packages also. From the list of orphaned packages, I am willing to adopt right away terminator and all it's dependencies. Thanks in advance, Giancarlo Razzolini [0]https://aur.archlinux.org/packages/?SeB=m=grazzolini [1]https://github.com/grazzolini/mkinitcpio-netconf [2]https://github.com/grazzolini/mkinitcpio-dropbear [3]https://github.com/grazzolini/mkinitcpio-tinyssh [4]https://github.com/grazzolini/mkinitcpio-utils pgpr5UJhOFKP3.pgp Description: PGP signature