On 18/10/2020 17:39, Tim Meusel via aur-general wrote: > Hi! > > I'm Tim Meusel and I want to spent more time in the Arch Linux community > and increase the package quality. I first got in touch with open source > some years ago in the Puppet Community [0] where I started to love > Puppet and FOSS. At the moment I'm employed at a big ISP where I > maintain a few thousand systems. My solution of choice for configuration > management is Puppet because it fulfills all requirements and is easy to > extend. For a few projects I require up2date systems with modern > software, that's why i choose Arch Linux. Since Puppet was already > present in the company, the Arch Linux boxes were puppetized as well. I > wrote or contributed to multiple packages related to Puppet on Arch > Linux. foxxx0 and shibumi were so kind to continue maintaining them > in the official repositories:
Yay, I like seeing applications who want to help maintain packages which are already in our repositories! Some notes on your AUR packages: * choria-io - 'github.com/choria-io/go-choria/build.BuildDate=$(date '+%F %T %z')' Recording the build date is non reproducible, will give reproducibility issues. SOURCE_DATE_EPOCH can be used to make it reproducible, see https://reproducible-builds.org/docs/source-date-epoch/ - systemd unit could have some systemd hardening applied, see the wiki or 'man systemd.exec' https://wiki.archlinux.org/index.php/Arch_package_guidelines/Security#Systemd_services * log4r - Package lacks a license=(), upstream url is no longer valid it seems? * tftp-hpa-destruct - systemd service could use some hardening - how did you obtain the LICENSE file? From their official website? It's interesting it's not in the official tarball :) Greetings, Jelle
signature.asc
Description: OpenPGP digital signature