On 14-01-07, Lukas Fleischer wrote: > Hi, > > I think the idea of integrating Git with the AUR [1] is a very good one > and should be a milestone for the 3.0.0 release. The idea is to create a > Git repository per package. > > Pros: > > * Full history of each AUR package, even if the maintainer changes. > > * Lays the foundations for supporting multiple maintainers per package. > > * Makes it easier to contribute patches (see git-format-patch(1), > branches and pull requests). > > * cgit might do quite a lot of the work required on the front-end side. > PKGBUILD previews, history view, tarball generation, Git clone > support, ... > > * Updating packages will be easier (`git pull` followed by `makepkg -i` > instead of doing all the work from the web browser or via an AUR > helper). > > Cons: > > * Needs more space on the AUR server. Currently, an AUR package uses > ~17KiB on the official Arch Linux AUR server. This will probably > increase by a factor of 10. Shouldn't be too problematic unless we get > a lot of new packages or a lot of updates. > > * More load on the AUR server. Especially if we no longer store tarballs > but use cgit to generate them on the fly (needs to be discussed). > > Migration should be easy since we can use a small shell script to > convert all packages into Git repositories. > > The first idea is to slightly change the package submission process to > extract the whole tarball, parse the PKGBUILD and do a Git commit with > the tarball content. There will be an additional text field to enter a > (part of the) commit message that is used. As mentioned above, all > package repositories will be accessible via cgit. The PKGBUILD preview > (and maybe also the tarball download) will be replaced with a simple > link to cgit. > > Later, we should think of how to support support for git-push(1). The > main issues are > > * Authentication: Virtual accounts, somehow connected to the AUR DB? > * Integration of the PKGBUILD/.AURINFO parser: Git hook? > * DoS protection: Quotas, ... >
I don't think we should support `git-push` at all, the reasons are simple: * Git allows overwriting the history by doing a force push `git push -f`. As a community PKGBUILD publishing platform, the git history of a PKGBUILD should not be allowed to be tampered with, whether accidently or intentionally, it should reflect how the PKGBUILD envloved from the start, not the one someone carefully crafted. * Changed history will cause conflit on `git pull`, which is not something we want to deal with everyday. Instead, we should stick on the `src.tar.gz` tarball submitting, and make the Git commit on the server. At least, push access should not be granted to normal user, only to TUs. > Any comments and suggestions are welcome! > > Regards, > Lukas > > [1] https://bugs.archlinux.org/task/23010
