Hi again, So I updated xrootd and pythia and submitted the relevant deletion requests. Now, can I get some package reviews? Thanks.
Regards, Konstantin On Fri, Mar 17, 2017 at 9:33 PM, Eli Schwartz via aur-general < aur-general@archlinux.org> wrote: > On 03/17/2017 02:17 PM, Konstantin Gizdov wrote: > > Hi Eli and Sebastian, > > > > OK, I see the orphan request got approved. Certainly, wasn't looking to > > draw outrage, but get advice on what the appropriate action. I will > update > > the relevant pythia, xrootd and submit deletion request myself for the > > others. > > Thanks for fixing this yourself. It was less about outrage and more > about being extra-emphatic about what is and isn't appropriate. :) > > I save the outrage/abuse for people who have already been told what the > right thing is, and refuse to listen. Everyone makes mistakes, and that > is generally okay as long as it was done in good faith and, upon > realizing the mistake, fixing it. > > > As to the package signing, I already know how to detach sign. I also know > > about the source signing. What is not clear to me is repo-add --sign. The > > docs say it will update 'the package database'. Which package database? > > Does AUR keep such info? I though that was for Trusted Users and official > > repos. > > > > What I want to do is essentially to provide a convenient way for people > to > > build or directly download pre-built packages, if they choose to, and be > > able to verify them, without too much hassle. What do you recommend? > Should > > I just make a *-bin version on AUR with my signature and detach sign the > > binaries on my own repo? I thought this was also not the AUR way? > > > > Could I get someone's workflow for signed packages as an example? > > No, this is entirely separate from the AUR. See the Wiki page for > "Unofficial user repositories". > > Various members of the community host their own prebuilt packages on > their personal servers or whatever, for example, AUR packages that they > use and want to sync on multiple computers, or something that takes a > long compile time and they want to offer in addition to the AUR package. > > `repo-add --sign` will allow you to generate a pacman-compatible sync > repository that can be copied/rsynced to your personal server and then > added to pacman.conf to download from your server, while signing the > database itself (it is ideal to sign both the packages, via `makepkg > --sign`, and the sync database itself). > > -- > Eli Schwartz > >