Re: [aur-general] TU appliance Jens Maucher (defcon)

Sun, 05 Apr 2009 06:26:15 -0700 

Ali H. Caliskan wrote:

I don't think zatoo should be that much criticized, it looks somewhat clean.


I am going to be fairly blunt here, but essentially you are wrong....

e.g.

 # Kerberos libs
 ln -s /usr/lib/libcrypto.so libk5crypto.so.3
 ln -s /usr/lib/libkrb5.so libkrb5.so.3
 ln -s /usr/lib/libkrb5.so libkrb5support.so.0
 ln -s /usr/lib/libgssapi.so libgssapi_krb5.so.2



Symlinking libraries to different sonames is, in my opinion, the single 
worst thing you can do to your install.  It can create bugs that are 
incredibly difficult to track down.   The current libkrb5.so is .25!  A 
lot has changed since .3...  The correct way to deal with this is to 
find a version of the package that supplies these library versions and 
build it, either within the package or as a dep for the package.  The 
former is probably cleaner in this case unless something else requires 
these versions.


There is also the use of "mkdir" and "cp" instead of "install" to improve.


As Jens pointed out, he no longer maintains this.  But at this point, 
that is moot.  He maintained it when he applied and the TUs did not know 
him very well in general so we needed to rely on his packaging skill to 
judge his application.  The consensus opinion of the TUs was obviously 
that his package standards were not high enough and I have no doubt that 
this package was primarily to blame.



So, for future reference, here is my subjectiveview of what should have 
happened after this package was pointed out as bad:
1) a reply to aur-general saying "I will look into it".  If it was 
fixable, good.  If not then...
2) a reply saying, "This is very difficult to fix.  I am discussing this 
with my sponsor.  Any suggestions on how to improve it?".

3) possibly delaying of voting until it is shown that the issue is fixed.


I see the ability to know when you have a bad PKGBUILD or other problem 
and then asking for help to be far more important than the ability to 
produce perfect packages.  Remember, once someone is a TU, they will be 
providing the community with binary packages.  It is essential that the 
Trusted Users ensure any new applicant is up to standard.  Any doubt is 
enough to say no.


Allan


























					Reply via email to