On 18/10/2020 17:39, Tim Meusel via aur-general wrote:
> Hi!
> 
> I'm Tim Meusel and I want to spend more time in the Arch Linux community
> and increase the package quality. I first got in touch with open source
> some years ago in the Puppet Community [0] where I started to love
> Puppet and FOSS. At the moment I'm employed at a big ISP where I
> maintain a few thousand systems. My solution of choice for configuration
> management is Puppet because it fulfills all requirements and is easy to
> extend. For a few projects I require up2date systems with modern
> software, that's why I chose Arch Linux. Since Puppet was already
> present in the company, the Arch Linux boxes were puppetized as well. I
> wrote or contributed to multiple packages related to Puppet on Arch
> Linux. foxxx0 and shibumi were so kind to continue maintaining them
> in the official repositories:

Yay, I like seeing applications who want to help maintain packages which
are already in our repositories!

Some notes on your AUR packages:

* choria-io
  - 'github.com/choria-io/go-choria/build.BuildDate=$(date '+%F %T %z')'
    Recording the build date is non-reproducible and will give
    reproducibility issues. SOURCE_DATE_EPOCH can be used to make it
    reproducible, see https://reproducible-builds.org/docs/source-date-epoch/

  - systemd unit could have some systemd hardening applied, see the wiki
    or 'man systemd.exec'

    https://wiki.archlinux.org/index.php/Arch_package_guidelines/Security#Systemd_services

* log4r
  - Package lacks a license=(), upstream url is no longer valid it seems?

* tftp-hpa-destruct
  - systemd service could use some hardening
  - how did you obtain the LICENSE file? From their official website?
  It's interesting it's not in the official tarball :)

Greetings,

Jelle
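The two review points above (a reproducible build date via SOURCE_DATE_EPOCH, and a hardened systemd unit) as an added worked example; this is not code from the mail thread or from the choria-io or tftp-hpa PKGBUILDs. It assumes GNU date (the default on Arch) and a build environment that exports SOURCE_DATE_EPOCH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original mail or any AUR package.
# Helper names (build_date, choria_ldflag, hardening_dropin) are hypothetical.

# Emit the build date in the same '+%F %T %z' format the PKGBUILD used,
# but derived from SOURCE_DATE_EPOCH (seconds since 1970-01-01 UTC) and
# rendered in UTC, so two builds of the same source give the same string.
# Only when the variable is unset do we fall back to the wall clock.
build_date() {
    if [ -n "${SOURCE_DATE_EPOCH:-}" ]; then
        # GNU date: -d @SECONDS reads an epoch timestamp; -u pins %z to +0000
        date -u -d "@${SOURCE_DATE_EPOCH}" '+%F %T %z'
    else
        date '+%F %T %z'
    fi
}

# Build the -ldflags -X argument that embeds the date into the Go binary.
# With SOURCE_DATE_EPOCH set, this argument is identical across rebuilds.
choria_ldflag() {
    printf "%s" "-X 'github.com/choria-io/go-choria/build.BuildDate=$(build_date)'"
}

# Print a systemd drop-in with the hardening directives from systemd.exec(5)
# that a packager would typically start from for a network daemon.
# The unit name is a parameter; nothing here is specific to choria or tftp.
hardening_dropin() {
    cat <<'EOF'
[Service]
# Run with no ability to gain privileges via setuid/setgid/capabilities
NoNewPrivileges=yes
# Read-only /usr, /boot, /etc; writable paths must be listed explicitly
ProtectSystem=strict
ProtectHome=yes
# Private /tmp and /dev, no kernel tunables or module loading
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# Only IPv4/IPv6/UNIX sockets; drop everything else at the syscall level
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
EOF
}

# Install the drop-in for a given unit into $pkgdir (makepkg's staging root),
# e.g. hardening_dropin_install "$pkgdir" choria-server.service
hardening_dropin_install() {
    pkgdir="$1"; unit="$2"
    dir="${pkgdir}/usr/lib/systemd/system/${unit}.d"
    mkdir -p "$dir"
    hardening_dropin > "${dir}/hardening.conf"
}
```

Recent makepkg exports SOURCE_DATE_EPOCH for the build, so `build_date` picks it up without any change to the build environment; the same value is what `rebuilderd` and other reproducible-build checkers reuse when they verify the package. The drop-in is a starting point: `ProtectSystem=strict` in particular will break a daemon that writes outside its `StateDirectory`, so the directives should be tested against the service before shipping them.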
