On Thu, Oct 25, 2007 at 18:04:01 +1000, Allan McRae wrote:
> A possible solution would be to have a website where users could submit
> a PKGBUILD for a package needing updated in the main repos. Then this
> PKGBUILD could be taken by a developer, reviewed and added to the main
> repositories. This may be useful for packages with no maintainer
> (although I realize you are trying to clear those from the repos) and
> relieve some of the pressure on developers in maintaining the
> non-essential packages. This page with the submitted PKGBUILDs would
> need to be viewable publicly so people could see what has been submitted
> and update things themselves - so it would sort of be an AUR for the
> packages in the main repo.

I really like your idea, it got me thinking of ways to do this. I know I get frustrated when I make a patch to update an orphaned package and it falls on deaf ears.

What if we made a copy of the developer repository and opened it up to the public? We could make a nice web interface similar to the AUR that interfaces with CVS (or the next SCM). This way people could submit and share patches against the official PKGBUILDs. This could be useful for changes to PKGBUILDs that go beyond simple version number bumps. Say the next kernel comes out, users can update the unofficial repo to build this new kernel before the official package is released.

Rather than flagging a package out of date, this would allow users to become more active in the development of official packages. This is something that I would like to see, and to be involved with myself. Developers can reference these patches to offload some of their own work. However, the devs should take care to understand what patches they are committing in order to maintain quality packages.

This doesn't come without any risks though. Many of the security risks are the same when compared with the AUR. That is to say, "What if somebody uploads malicious PKGBUILDs?" This problem is increased if anybody can _modify any other_ package. The risk is comparable to projects like the wiki. Anyone can upload bad information. The solution comes in where people notice these changes and roll them back, and ban the malicious user/IP who submitted those bad changes.

What do you all think?

Greetings,
Jesse
_______________________________________________ arch mailing list [email protected] http://archlinux.org/mailman/listinfo/arch
