Re: [aur-general] TU application - rgacogne
On Fri, Nov 13, 2020 at 12:04:05PM -0500, Discussion about the Arch User Repository (AUR) wrote: > On Fri, Nov 13, 2020 at 09:59:25AM +0100, Morten Linderud via aur-general > wrote: > > On Fri, Nov 13, 2020 at 08:52:37AM +0100, Remi Gacogne via aur-general > > wrote: > > > Hello everyone, > > > > > > My name is Remi Gacogne, and I hereby apply to join the Trusted Users > > > team, kindly sponsored by Levente Polyak and Morten Linderud. > > > > I confirm my sponsorship of Remi :) > > > > I have known Remi since the winter of 2016 when I met the security team > > during > > that years Chaos Communication Congress (he thought I was jelle :D). Along > > with > > funding the security team with anthraxx he has been contributing a lot to > > the > > security team the past years and it's a long overdue application. > > > > Super glad we finally got around to this<3 > > I'd like to add that Remi is perhaps one of the most dilligent members > of the security time. I have absolutely no doubt that he'll carry out > his TU duties with the same professionalism as he does with the security > team. > > Super excited to hear about this! > > -Santiago I got to know Remi during my second(?) Chaos Communication Congress in Hamburg (he didn't thought I was jelle, btw). We had a nice chat about the security team and our plans for the future, since then he has been the most reliable and most active security team member, thus I would like to declare my full support for his TU application. Chris signature.asc Description: PGP signature
Re: [aur-general] TU application - bastelfreak
On Sun, Oct 18, 2020 at 05:39:41PM +0200, Discussion about the Arch User Repository (AUR) wrote: > Hi! > > I'm Tim Meusel and I want to spent more time in the Arch Linux community > and increase the package quality. I first got in touch with open source > some years ago in the Puppet Community [0] where I started to love > Puppet and FOSS. At the moment I'm employed at a big ISP where I > maintain a few thousand systems. My solution of choice for configuration > management is Puppet because it fulfills all requirements and is easy to > extend. For a few projects I require up2date systems with modern > software, that's why i choose Arch Linux. Since Puppet was already > present in the company, the Arch Linux boxes were puppetized as well. I > wrote or contributed to multiple packages related to Puppet on Arch > Linux. foxxx0 and shibumi were so kind to continue maintaining them > in the official repositories: > [...] The voting period is over. Tim Meusel (bastelfreak) got accepted as TU with the following result: Yes No Abstain TotalParticipation 37 2 12 51 89.47% see: https://aur.archlinux.org/tu/?id=124 Congratulations, Tim and welcome on board. Chris signature.asc Description: PGP signature
Re: [aur-general] TU application - bastelfreak
On Sun, Oct 18, 2020 at 05:39:41PM +0200, Discussion about the Arch User Repository (AUR) wrote: > Hi! > > I'm Tim Meusel and I want to spent more time in the Arch Linux community > and increase the package quality. I first got in touch with open source > some years ago in the Puppet Community [0] where I started to love > Puppet and FOSS. At the moment I'm employed at a big ISP where I > maintain a few thousand systems. My solution of choice for configuration > management is Puppet because it fulfills all requirements and is easy to > extend. For a few projects I require up2date systems with modern > software, that's why i choose Arch Linux. Since Puppet was already > present in the company, the Arch Linux boxes were puppetized as well. I > wrote or contributed to multiple packages related to Puppet on Arch > Linux. foxxx0 and shibumi were so kind to continue maintaining them > in the official repositories: > [...] Hi everybody, Thank you for the discussions in the last 14 days. The discussion period is officially over. Please cast your vote: https://aur.archlinux.org/tu/?id=124 best wishes and stay healthy chris / shibumi signature.asc Description: PGP signature
Re: [aur-general] TU application - bastelfreak
On Sun, Oct 18, 2020 at 05:39:41PM +0200, Discussion about the Arch User Repository (AUR) wrote: > ... > I talked to shibumi and hashworks in the past days, both reviewed the > packages and agreed to sponsor my application. I hereby confirm my sponsorship. May the discussion period begin! Furthermore I would like to point out Tim's excellent work and help regarding our puppet packages and other ruby packages. I had to disown the puppet packages yesterday, because I thought I am not the right person for this job. With Tim we would have a puppet contributor and someone who actually knows what he is doing in terms of puppet. Chris signature.asc Description: PGP signature
Re: [aur-general] TU application - raster
On Sun, Aug 23, 2020 at 09:15:34AM +0100, Carsten Haitzler wrote: > Hi Everyone. > > I'm Carsten - or Raster. > > Sponsors: eschwartz and shibumi agreed to +1 me > > I'm upstream founder of enlightenment, EFL, terminology and a few other > things. > I work at Arm in Cambridge, UK (and live here). I've been involved in OSS and > releasing software since like 1995/96 or so for Linux (And other Unixen at the > time). I've worked on several distributions - RedHat, Debian (made custom > variant, not upstream) and Tizen. I pretty much eat, breathe and sleep C, and > of course that comes with the requisite "I can drive a shell script off a > cliff > gracefully" developer skill-set. Linux is my OS. I don't dual boot. All my > machines are Linux machines without booting into anything else and that's been > the way for me for me since I got my first PC in 1996 after I had to give up > on > the Amiga. This PC then ran just Linux and nothing else (never saw a DOS or > Windows install). In fact all but 2 of my machines are Arch Linux (Rockpro64 > dev > board (debian SID) and my Ampere Emag aarch64 workstation (Ubuntu), my > pinephone has Manjaro for now which is kind-of-close to Arch...). > > I already maintain the AUR packages for efl-git, enlightenment-git, rage-git, > efl-git-asan, enlightenment-git-asan and have for a long while now (also > co-maintain terminology-git). You can see that I'm responsive to issues people > bring up and fix them pretty fast. I have done some edits to the arch wiki as > well over time. > > I will admit - I haven't really touched the Arch forums... I'm really an > IRC/Email person, but I am on #archlinux, #archlinux-offtopic (and > #archlinux-arm) most of the time. > > I've been using arch as my primary/only distro now for maybe about 4-5 years. > I like its simplicity and "don't patch/modify things from upstream unless > absolutely needed" policy (as an upstream I smile warmly at this direction). > It's very developer friendly... and that's who I am. I also run ALARM on my > Rapsberry Pis. > > I do spend most of my effort on the upstream work on these E related projects > as those are what I write, release, add features to and fix bugs in. > > I'm about as googlable as it gets: > > ras...@rasterman.com > http://www.rasterman.com > > I know that there are a lot of packages to maintain for a very small number of > people, so I'm happy to help out. > > I'd be best at taking over or being co-maintainer of: > > * efl > * enlightenment > * terminology > > Other packages I can add to community: > > * rage (https://aur.archlinux.org/packages/rage - i maintain rage-git already) > * evisum (https://www.enlightenment.org/news/2020-06-07-evisum-05-release) > > And in future any others that I think are past the bar of "worth including in > Arch community rather than AUR" over time (there are ones brewing or lurking > like EDI https://www.enlightenment.org/about-edi, Ephoto > https://www.enlightenment.org/about-ephoto, Enventor > https://www.enlightenment.org/about-enventor) > > I'd also be happy to help maintain packages I know I depend on and work with > that might be a bit niche like: > > * packagekit > * ddcutil > > And in general just help attack anything that I know enough about to be a bit > better than a bowl of dried up custard at that is in my general sphere of > knowledge/use. > > My PGP key hash: 04F7A0E31E08D3E08D39AFEBD147F94364295E8C > http://keys.gnupg.net/pks/lookup?op=get=0xD147F94364295E8C > > Looking forward to pitching in and making Arch better :) > > -- > - Codito, ergo sum - "I code, therefore I am" -- > Carsten Haitzler - ras...@rasterman.com I approve my TU sponsorship, let's start the discussion period. Chris signature.asc Description: PGP signature
Re: [aur-general] Requirements to apply for TU?
On Sat, Aug 08, 2020 at 01:55:38AM -0500, Discussion about the Arch User Repository (AUR) wrote: > Just to add, could one become a TU in a pseudo-anonymous way? As in, just be > known in nickname only. Or does one have to give their real name in order to > become one? Looks like everyone has their real name in the wiki. Except for > Xyne, are they a special case? > This is definitely possible. We can't check the realname anyway. Just know, that you are more likely to get elected without being anonymous. In the end it's still a matter of trust and I would prefer to not having anonymous people on important positions like the devops team. TU is maybe a different thing. just my 2 cents shibumi signature.asc Description: PGP signature
Re: [aur-general] TU application: hashworks
On Mon, Jun 08, 2020 at 03:08:04PM +0200, Discussion about the Arch User Repository (AUR) wrote: > Hello everyone, > > My name is Justin Kromlinger aka hashworks and I'm applying as a > Trusted User with the sponsorship of Thore Bödecker aka foxxx0 and > Christian Rebischke aka shibumi who recently reviewed my AUR packages > [1] – thanks for that! Some may know me from freenode#archlinux.de, > where I'm lingering since a few years. I am and will be reachable there > anytime. > [...] I confirm my sponsorship, may the discussion period begin. shibumi signature.asc Description: PGP signature
Re: [aur-general] TU application; freswa
On Wed, May 06, 2020 at 11:19:04PM +0200, Discussion about the Arch User Repository (AUR) wrote: > Hi everyone, > my name is Frederik aka freswa and I'm applying to become a Trusted User with > svenstaro's and grazzolini's sponsorship. > > I started using Linux around 2004 with some live images of Ubuntu. In 2010, > Debian became my main OS. Only a year later I switched to Arch after I > screwed up Debian/sid while hunting for the latest kernel. > I'm interested in DevOps topics, mail server, C, Rust, Go and newer JVM > languages such as Kotlin. > > Thanks to svenstaro I've been a bug wrangler since February. You mostly hear > from me when I assign bugs to the wrong people from time to time :P > > OS contributions: > - working on the dovecot-xaps code, providing native Mail.app Apple Push for > iOS devices > - maintaining and writing PKGBUILDs for the AUR > - bug reporting and fixing for several projects > > My AUR packages got reviewed recently by eschwartz, svenstaro and alad - > thanks :) > > If I become a TU, I'd like to focus on the bug tracker until we have a better > solution. I'd also like to help out bug fixing when maintainers are busy, > away or on vacation. > > Packages which I would like to move to [Community], some of which are not > mine: > docker-credential-pass > i3status-rust > intel-undervolt > ispin > mysqltuner > pdfposter > pinentry-rofi > protobuf-go > sha3sum > spin > talosctl > thermald > unifi > woeusb > > I'm aware though that some of these packages do not meet the criteria of 10 > votes yet. I'll reevaluate whether they meet this criteria from time to time. > I'd also like to go on helping Eli with maintenance of zfs-dkms and zfs-utils > in the AUR. > > In case JetBrains is okay with us packaging their IDE's, I'd also maintain > them. But so far all requests I found resulted in a negative response from JB. > > I am looking forward to working with you! > Frederik > Hi freswa, I would like to ask you the following questions: 1. How do you monitor new software releases? Do you use a specific tool for this like urlwatch? 2. How do you want to participate in the Arch Linux community? I see that you are very active in the IRC and on the bugtracker. Are there other areas, where you are active? 3. Do you use any tools for enforcing a specific PKGBUILD format? For example shfmt? 4. Are you testing your packages? If so, how? Do you spawn a VM via vagrant? Or do you use systemd-nspawn or docker images? Or do you just test it locally on your machine? Thanks chris signature.asc Description: PGP signature
Re: [aur-general] Trusted user application: Drew DeVault
On Sun, Feb 24, 2019 at 06:24:59PM -0500, Discussion about the Arch User Repository (AUR) wrote: > Hiya! Jerome convinced me to finally apply for TU, and Sven-Hendrik > agreed to co-sponsor my application (both Cc'd). > [...] > As a long time fan and user of Arch Linux, I'm looking forward to the > chance to give back to the community. If anyone has any questions, > please let me know. > > -- > Drew DeVault Hi Drew, I have a few questions to you: 1. Can you describe in a few sentences how you build your packages for the AUR and for your own repository? 2. How do you keep track of updates of upstream software? Do you use a specific software for it? Which one? 3. Do you plan to socialize with the community? If yes: on which plattforms? If no: why? 4. What do you like about Arch Linux at most? What do you hate about it? (You can be open here, I will not judge ^___^) 5. Are you willing to attend real-life meetups on conferences like FrosCon, CCC, etc? 6. Do you have any experience with security? 7. A user opens a bug report, where the user reports a security vulnerability in one of your packages. The security vulnerability is unknown and seems to be a 0-day. How do you react? Thats all from me. Thanks for your hard work with sway btw :) best regards, chris / shibumi signature.asc Description: PGP signature
Re: [aur-general] Purge of packages orphaned, out-of-date, and last updated before 2017
On Sat, Jan 26, 2019 at 07:04:28PM -0500, Discussion about the Arch User Repository (AUR) wrote: > On 1/22/19 12:16 AM, Daniel M. Capella via aur-general wrote: > > Based on the loosely defined "cleanup criteria"[], we're overdue for a > > little purge. The candidates can be found here: > > > > https://aur.archlinux.org/packages/?O=0=nd==on=l=a=250_Orphans=Orphans > > https://aur.archlinux.org/packages/?O=250=nd=on=l=a=250_Orphans=Orphans > > > > Please run `aurphan -a` to see if you have any orphaned AUR packages > > installed, > > and do everyone a favor by adopting them. > > > > If there are no objections, it will be done this weekend. A reply will > > be sent for record-keeping with the list of packages prior to deletion. > > > > []: > > https://wiki.archlinux.org/index.php/DeveloperWiki:AUR_Cleanup_Day#Possible_reasons > > In addition to Alad's point about how he once did the same thing and it > did *not* turn out well, I simply don't fathom how you even read what > you did in the AUR Cleanup Day wikipage. > > You are darn right those are loosely defined -- those rules could be > interpreted so loosely as to delete practically any package ever. Hence > why that page actually has nothing to do with making up excuses for some > TU to unilaterally purge random packages en masse. > > The page is as it self-describes, a page discussing how to hold the > semi-regular experience of users looking for old and unmaintained > packages and submitting waves of deletion requests. > > If you would like to do an Alad, please justify it on the grounds that > you yourself want to and decided to do so -- don't try to pretend that > "the Wiki told me to". Because no, the Wiki did not tell you to delete > huge numbers of packages without warning, review, or a chance to let the > people who use the packages appeal the decision on a per-package level. > > -- > Eli Schwartz > Bug Wrangler and Trusted User > I don't understand why we should delete orphaned packages in the AUR at all. They are not harmful (like blowing up our repository like it would do in community) nor are they unused only because they are orphaned. I prefer having a big archive of orphaned packages with the chance that somebody adopts the package and finds a PKGBUILD as base to work on. Or are there some problems I am missing? like for example disk space on our AUR server? best regards, chris signature.asc Description: PGP signature
Re: [aur-general] On TU application, TU participation and community/ package quality
On Sun, Nov 11, 2018 at 01:29:31PM -0500, Discussion about the Arch User Repository (AUR) wrote: > On TU applications, TU participation and package quality: > = > > Many Trusted Users have brought up their concerns regarding the lack > of proper vetting of packages put forward by new TU's, the small > participation of TUs in their duties* and the declining quality of > packages in the community/ repository. As a consequence, we've decided > to bring forward proposals to tackle the following issues: > > ## Issues > > * Existing Trusted Users are not followed closely in their actions, and > the quality of some packages for instance is more than questionable. > * New applications are not carefully reviewed, and a several TUs seem to > just vote “Yes” by default. > * There is a general feeling of decreasing/not high enough quality in > the packages provided in the community/ repository. > * The implication of some TUs in the distribution is very limited > outside of packaging. > > ### current proposals (simplified) > > The discussion #archlinux-tu channel has yielded three general > possibilities: > > 1. Add a council of TU's to introduce oversight on the whole voting >process > 2. Increase the minimum number of sponsors per application > 3. Create a working group of TU's to review recent applications and >warn TU's that do *not* appear to be performing their duties >appropriately > > Consider that these need not be the only possibilities and any further > proposals should be also brought up. > > ## Proposals > > ### TU council > > Creating a council of TUs who, by means of experience and involvement, > make sure the approval of new TU's is properly reviewed. As such, this > council will be in charge of voting in and/or sponsoring a new TU > applicant. > > This raises questions about the horizontal power structure of the TU > community. The consequences of bringing a hierarchy like this need to be > discussed, as more than one TU is concerned of the implications of this > model. > > The means for election for such a council are yet to be discussed, as > the feasibility of this measure is to be discussed first. > > ### Minimum number of sponsors > > An alternative to a TU council is to increase the minimum number of > sponsors for a TU application. This has been the case in other > communities that experienced rapid growth (e.g., CNCF) and may help > increase oversight and preparation of newer applicants. > > Variants of this model can be considered too. For example, a buddy > system in which new applicants need both an experienced TU and a new TU > as sponsors may also help preparing new TU's with the process of > preparing applicants. > > However, one question raised during the discussion is whether this model > is enough to warrant the goals outlined above. Namely, this measure > doesn't seem to tackle the lack of participation of the broader TU > community when reviewing new TU applications. > > ### Oversight committee > > Finally, a third proposal (and the one I'm championing) is to generate > an elected organism within the TU community to overlook the performance > of Trusted Users on the duties they agreed to fulfill. This oversight > committee would track the activities of individual TUs and ensure that > they are in fact participating in reviews, submitting proper > high-quality PKGBUILDS, and moving packages to and from the AUR when the > package's popularity changes. > > The methods by which this committee would enforce better TU > participation are still to be discussed, but issuing warnings and > probably bring cases to the broader TU community regarding an > underperforming TU may be sufficient and nondisruptive. > > ## Conclusions > > The proposals above serve as a first step to discuss and iteratve over > ideas on how to improve TU participation, applications and package > quality. With this in mind, discussion of the applicability of these (or > any other proposal) alone or on tandem should follow suit. > > Thanks! > -Santiago > > P.S.: sorry for the legalose tone. I've probably spent too much time > this week going through governance documents for different communitites. > > P.S.: Some of the ideas put forward is my interpretation of the text > after going through the irc logs. Please correct me if my interpretation > is wrong or incomplete. > > * e.g., reviewing PKGBUILDs or going through AUR requests Hello Santiago, First of all thanks for rewriting this up: https://lists.archlinux.org/pipermail/arch-dev-public/2018-November/029392.html I have a few questions about your oversight comittee. You wrote: > Finally, a third proposal (and the one I'm championing) is to generate > an elected organism within the TU community to overlook the performance > of Trusted Users on the duties they agreed to fulfill. This oversight > committee would track the activities of individual TUs and ensure that > they are in fact participating in reviews,
Re: [aur-general] TU application -- Santiago Torres-Arias
On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote: > Hello everyone, > > Formalities first, Christian Rebischke (Shibumi) is sponsoring my application, > although I'd like to thank so many people for their feedback, help, guidance > and counsel in all-things-Arch*. > > My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate > from New York University. My research focuses on securing the dev-ops > pipeline/supply chain, which includes work on package manager security, > version control system security, securing container orchestrators, > reproducible builds, so on and so forth. It is not a coincidence that > all of these relate strongly with Linux; I believe the Linux environment > pretty much shaped my professional career since I was in High School. > > I've been a GNU/Linux user for more than I can remember, although I started > using it exclusively circa 2011. I started using Debian, Mint and Ubuntu > interchangeably for a couple of years and, as time passed, I started to > develop > personal scripts and unscrew my deterministically-broken distro (I still > remember my hook to fix the fglrx install every time X was updated). This > experience threw me to the other side, and for a while I thought I could > maintain my own LFS-based distribution with scripts of this sort, which led me > to learn a lot about what *not* to do when managing packages. However, It was > when I finally decided to give Arch a serious try (around 2014) that I found > myself enamored with not only the toolchains, but the community and the > philosophy behind the distribution --- I'm now a strong supporter of the > Arch Way(tm) thanks to all the leasons learned through the winding roads > of linux-system-administration. > > Although I've always been an assiduous user of the AUR, not only using but > writing my own PKGBUILDs, It was only until recently (about 8 months now), > that > I've been working towards becoming more familiar with the package ecosystem > with the end goal of becoming a TU. I've received feedback from many members > on > the community on how to fix, extend and follow best practices on writing > PKGBUILDS which I believe has improved their quality[2]. > > Besides maintaining packages I've been contributing to other aspects of > the Arch Linux ecosystem for about three years now. I've participated in > the security team almost since its inception, by providing code to the > tracker, tracking CVE's and sending advisories. Likewise, I've been a > tester for more than a year. I've also participated (although not as > much as I've wanted) on the archlinux-reproducible efforts. Finally, > I've worked along with shibumi and Pierre in making an automated build > of an official Archlinux Docker image. Beyond Arch Linux, I'm a > committer to projects like reproducible-builds.org[3], Briar[4], > neomutt[5], and The Update Framework (TUF)[6], among others[7]. > > There are two main reasons for this application to become a TU. First, I want > to > contribute *more* to a community that has given me so much, and I'm certain > that helping packaging tools for everyone in the community repository will > only > improve the overall user experience. Second, and most importantly, I want to > expand the offer of packages in the official repositories. > > Concretely, I want to maintain the following packages: > > - Orphaned packages (I'm a regular user of these): > - giblib (currently on extra) > - python-pylint (currently on extra) > - uthash > - znc > - cvf > - netctl (?! currently on core, so I suspect I can't maintain this > one) > - python-opencl/pyopencl-headers > > - I'd love to co-maintain some packages that have a packager right now**: > - radare-cutter > - hub > - rtl-sdr > - maven > > - I intend to move the following packages from the AUR: > - reprotest > - git-latexdiff > - python-rstr > - python2-grip > - inxi > - plex-fonts > > Needless to say, I'm open to discussion on this list. I can extend it with any > suggested packages, or discard any packages that aren't deemed popular enough. > > On a less technical, serious note, I love playing guitar! I have a band > and we play progressive, shoegaze, and math-rock. I also like cycling, > and reading on pretty much anything. I'm a Rust fanboy and I'm > re-learning Verilog, as I'm hoping to play around with the RISC-V ISA > and emulate TPM's and other trusted hardware designs. > > Thanks, > -Santiago (Sangy) Torres-Arias > > [1] https://badhomb.re > [2] https://aur.archlinux.org/account/sangy > [3] https://reproducible-builds.org > [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits > [5] https://briarproject.org > [6] https://theupdateframework.com > [7] https://github.com/santiagotorres > > * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1, >
Re: [aur-general] TU application -- Santiago Torres-Arias
On Sun, Jul 29, 2018 at 12:05:56AM -0400, Eli Schwartz via aur-general wrote: > On 07/28/2018 11:57 PM, Christian Rebischke via aur-general wrote: > > On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote: > >> Hello everyone, > >> > >> Formalities first, Christian Rebischke (Shibumi) is sponsoring my > >> application, > >> although I'd like to thank so many people for their feedback, help, > >> guidance > >> and counsel in all-things-Arch*. > >> > >> My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate > >> from New York University. My research focuses on securing the dev-ops > >> pipeline/supply chain, which includes work on package manager security, > >> version control system security, securing container orchestrators, > >> reproducible builds, so on and so forth. It is not a coincidence that > >> all of these relate strongly with Linux; I believe the Linux environment > >> pretty much shaped my professional career since I was in High School. > >> > >> I've been a GNU/Linux user for more than I can remember, although I started > >> using it exclusively circa 2011. I started using Debian, Mint and Ubuntu > >> interchangeably for a couple of years and, as time passed, I started to > >> develop > >> personal scripts and unscrew my deterministically-broken distro (I still > >> remember my hook to fix the fglrx install every time X was updated). This > >> experience threw me to the other side, and for a while I thought I could > >> maintain my own LFS-based distribution with scripts of this sort, which > >> led me > >> to learn a lot about what *not* to do when managing packages. However, It > >> was > >> when I finally decided to give Arch a serious try (around 2014) that I > >> found > >> myself enamored with not only the toolchains, but the community and the > >> philosophy behind the distribution --- I'm now a strong supporter of the > >> Arch Way(tm) thanks to all the leasons learned through the winding roads > >> of linux-system-administration. > >> > >> Although I've always been an assiduous user of the AUR, not only using but > >> writing my own PKGBUILDs, It was only until recently (about 8 months now), > >> that > >> I've been working towards becoming more familiar with the package ecosystem > >> with the end goal of becoming a TU. I've received feedback from many > >> members on > >> the community on how to fix, extend and follow best practices on writing > >> PKGBUILDS which I believe has improved their quality[2]. > >> > >> Besides maintaining packages I've been contributing to other aspects of > >> the Arch Linux ecosystem for about three years now. I've participated in > >> the security team almost since its inception, by providing code to the > >> tracker, tracking CVE's and sending advisories. Likewise, I've been a > >> tester for more than a year. I've also participated (although not as > >> much as I've wanted) on the archlinux-reproducible efforts. Finally, > >> I've worked along with shibumi and Pierre in making an automated build > >> of an official Archlinux Docker image. Beyond Arch Linux, I'm a > >> committer to projects like reproducible-builds.org[3], Briar[4], > >> neomutt[5], and The Update Framework (TUF)[6], among others[7]. > >> > >> There are two main reasons for this application to become a TU. First, I > >> want to > >> contribute *more* to a community that has given me so much, and I'm certain > >> that helping packaging tools for everyone in the community repository will > >> only > >> improve the overall user experience. Second, and most importantly, I want > >> to > >> expand the offer of packages in the official repositories. > >> > >> Concretely, I want to maintain the following packages: > >> > >> - Orphaned packages (I'm a regular user of these): > >> - giblib (currently on extra) > >> - python-pylint (currently on extra) > >> - uthash > >> - znc > >> - cvf > >> - netctl (?! currently on core, so I suspect I can't maintain this > >> one) > >> - python-opencl/pyopencl-headers > >> > >> - I'd love to co-maintain some packages that have a packager right > >> now**: > >> - radare-cutter > >> - hub > >> - rtl-sdr &g
Re: [aur-general] TU application -- Santiago Torres-Arias
On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote: > Hello everyone, > > Formalities first, Christian Rebischke (Shibumi) is sponsoring my application, > although I'd like to thank so many people for their feedback, help, guidance > and counsel in all-things-Arch*. > > My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate > from New York University. My research focuses on securing the dev-ops > pipeline/supply chain, which includes work on package manager security, > version control system security, securing container orchestrators, > reproducible builds, so on and so forth. It is not a coincidence that > all of these relate strongly with Linux; I believe the Linux environment > pretty much shaped my professional career since I was in High School. > > I've been a GNU/Linux user for more than I can remember, although I started > using it exclusively circa 2011. I started using Debian, Mint and Ubuntu > interchangeably for a couple of years and, as time passed, I started to > develop > personal scripts and unscrew my deterministically-broken distro (I still > remember my hook to fix the fglrx install every time X was updated). This > experience threw me to the other side, and for a while I thought I could > maintain my own LFS-based distribution with scripts of this sort, which led me > to learn a lot about what *not* to do when managing packages. However, It was > when I finally decided to give Arch a serious try (around 2014) that I found > myself enamored with not only the toolchains, but the community and the > philosophy behind the distribution --- I'm now a strong supporter of the > Arch Way(tm) thanks to all the leasons learned through the winding roads > of linux-system-administration. > > Although I've always been an assiduous user of the AUR, not only using but > writing my own PKGBUILDs, It was only until recently (about 8 months now), > that > I've been working towards becoming more familiar with the package ecosystem > with the end goal of becoming a TU. I've received feedback from many members > on > the community on how to fix, extend and follow best practices on writing > PKGBUILDS which I believe has improved their quality[2]. > > Besides maintaining packages I've been contributing to other aspects of > the Arch Linux ecosystem for about three years now. I've participated in > the security team almost since its inception, by providing code to the > tracker, tracking CVE's and sending advisories. Likewise, I've been a > tester for more than a year. I've also participated (although not as > much as I've wanted) on the archlinux-reproducible efforts. Finally, > I've worked along with shibumi and Pierre in making an automated build > of an official Archlinux Docker image. Beyond Arch Linux, I'm a > committer to projects like reproducible-builds.org[3], Briar[4], > neomutt[5], and The Update Framework (TUF)[6], among others[7]. > > There are two main reasons for this application to become a TU. First, I want > to > contribute *more* to a community that has given me so much, and I'm certain > that helping packaging tools for everyone in the community repository will > only > improve the overall user experience. Second, and most importantly, I want to > expand the offer of packages in the official repositories. > > Concretely, I want to maintain the following packages: > > - Orphaned packages (I'm a regular user of these): > - giblib (currently on extra) > - python-pylint (currently on extra) > - uthash > - znc > - cvf > - netctl (?! currently on core, so I suspect I can't maintain this > one) > - python-opencl/pyopencl-headers > > - I'd love to co-maintain some packages that have a packager right now**: > - radare-cutter > - hub > - rtl-sdr > - maven > > - I intend to move the following packages from the AUR: > - reprotest > - git-latexdiff > - python-rstr > - python2-grip > - inxi > - plex-fonts > > Needless to say, I'm open to discussion on this list. I can extend it with any > suggested packages, or discard any packages that aren't deemed popular enough. > > On a less technical, serious note, I love playing guitar! I have a band > and we play progressive, shoegaze, and math-rock. I also like cycling, > and reading on pretty much anything. I'm a Rust fanboy and I'm > re-learning Verilog, as I'm hoping to play around with the RISC-V ISA > and emulate TPM's and other trusted hardware designs. > > Thanks, > -Santiago (Sangy) Torres-Arias > > [1] https://badhomb.re > [2] https://aur.archlinux.org/account/sangy > [3] https://reproducible-builds.org > [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits > [5] https://briarproject.org > [6] https://theupdateframework.com > [7] https://github.com/santiagotorres > > * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1, >
Re: [aur-general] TU application -- Santiago Torres-Arias
On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote: > Hello everyone, > > Formalities first, Christian Rebischke (Shibumi) is sponsoring my application, > although I'd like to thank so many people for their feedback, help, guidance > and counsel in all-things-Arch*. > > My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate > from New York University. My research focuses on securing the dev-ops > pipeline/supply chain, which includes work on package manager security, > version control system security, securing container orchestrators, > reproducible builds, so on and so forth. It is not a coincidence that > all of these relate strongly with Linux; I believe the Linux environment > pretty much shaped my professional career since I was in High School. > > I've been a GNU/Linux user for more than I can remember, although I started > using it exclusively circa 2011. I started using Debian, Mint and Ubuntu > interchangeably for a couple of years and, as time passed, I started to > develop > personal scripts and unscrew my deterministically-broken distro (I still > remember my hook to fix the fglrx install every time X was updated). This > experience threw me to the other side, and for a while I thought I could > maintain my own LFS-based distribution with scripts of this sort, which led me > to learn a lot about what *not* to do when managing packages. However, It was > when I finally decided to give Arch a serious try (around 2014) that I found > myself enamored with not only the toolchains, but the community and the > philosophy behind the distribution --- I'm now a strong supporter of the > Arch Way(tm) thanks to all the leasons learned through the winding roads > of linux-system-administration. > > Although I've always been an assiduous user of the AUR, not only using but > writing my own PKGBUILDs, It was only until recently (about 8 months now), > that > I've been working towards becoming more familiar with the package ecosystem > with the end goal of becoming a TU. I've received feedback from many members > on > the community on how to fix, extend and follow best practices on writing > PKGBUILDS which I believe has improved their quality[2]. > > Besides maintaining packages I've been contributing to other aspects of > the Arch Linux ecosystem for about three years now. I've participated in > the security team almost since its inception, by providing code to the > tracker, tracking CVE's and sending advisories. Likewise, I've been a > tester for more than a year. I've also participated (although not as > much as I've wanted) on the archlinux-reproducible efforts. Finally, > I've worked along with shibumi and Pierre in making an automated build > of an official Archlinux Docker image. Beyond Arch Linux, I'm a > committer to projects like reproducible-builds.org[3], Briar[4], > neomutt[5], and The Update Framework (TUF)[6], among others[7]. > > There are two main reasons for this application to become a TU. First, I want > to > contribute *more* to a community that has given me so much, and I'm certain > that helping packaging tools for everyone in the community repository will > only > improve the overall user experience. Second, and most importantly, I want to > expand the offer of packages in the official repositories. > > Concretely, I want to maintain the following packages: > > - Orphaned packages (I'm a regular user of these): > - giblib (currently on extra) > - python-pylint (currently on extra) > - uthash > - znc > - cvf > - netctl (?! currently on core, so I suspect I can't maintain this > one) > - python-opencl/pyopencl-headers > > - I'd love to co-maintain some packages that have a packager right now**: > - radare-cutter > - hub > - rtl-sdr > - maven > > - I intend to move the following packages from the AUR: > - reprotest > - git-latexdiff > - python-rstr > - python2-grip > - inxi > - plex-fonts > > Needless to say, I'm open to discussion on this list. I can extend it with any > suggested packages, or discard any packages that aren't deemed popular enough. > > On a less technical, serious note, I love playing guitar! I have a band > and we play progressive, shoegaze, and math-rock. I also like cycling, > and reading on pretty much anything. I'm a Rust fanboy and I'm > re-learning Verilog, as I'm hoping to play around with the RISC-V ISA > and emulate TPM's and other trusted hardware designs. > > Thanks, > -Santiago (Sangy) Torres-Arias > > [1] https://badhomb.re > [2] https://aur.archlinux.org/account/sangy > [3] https://reproducible-builds.org > [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits > [5] https://briarproject.org > [6] https://theupdateframework.com > [7] https://github.com/santiagotorres > > * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1, >
Re: [aur-general] Basilisk pkgbuild is facing a trademark violation?
On Sat, May 19, 2018 at 07:23:52PM +0200, Fabio Loli via aur-general wrote: > Mattatobin, of which you can read here > > https://github.com/jasperla/openbsd-wip/issues/86 > > Have made this (edited) comment in the AUR webpage asking for removal > > https://aur.archlinux.org/packages/basilisk > > You do realize this package is completely insane. I want you to > remove any remaining Basilisk branding and use of the name including > in the desktop file and this very package from AUR that you are > obviously squatting on. Oh dear.. the behaviour of these palemoon people is so ridiculous and rude. I suggest we support openBSD and just delete the package. If they don't want users they don't get any. Their browser isn't 'that' good at all... just my 2 cents chris signature.asc Description: PGP signature
Re: [aur-general] TU (re-)Application
On Mon, Feb 12, 2018 at 04:18:45AM -0600, Brad Fanella via aur-general wrote: > I respect that decision and will proceed with the standard application > process, proper signatures and all. :) Thanks, I just wanted to be sure that we atleast vote about your re-application and it's nice btw that you want to adopt the MATE packages :) chris signature.asc Description: PGP signature
Re: [aur-general] TU (re-)Application
On Mon, Feb 12, 2018 at 03:52:04AM -0600, Brad Fanella via aur-general wrote: > Frankly I'm not quite sure what that would prove. If I don't have a known > signature on record, signing these emails doesn't do anything to verify my > identity. To imply that I'm "ignoring requests" is a bit disingenuous when > you consider that a PGP signature would change nothing here. > > All the best, > Brad Well, you could at least starting signing your mails with the next email, even if it is a new GPG key. It's something that we expect from TU-Applicants.. and I see no reason why you should excluded from this expectation. That maybe sounds a little bit harsh, but in my opinion you should re-apply on the normal way. I don't think there is a contra against re-applying like all others. I mean you were several years away, so I don't think that 1-2 weeks on top of it will be bad. chris signature.asc Description: PGP signature
Re: [aur-general] TU (re-)Application
On Mon, Feb 12, 2018 at 03:03:32AM -0600, Brad Fanella via aur-general wrote: > > It's been around in some incarnation since 2007, and you have a > > filled-in profile at > > https://www.archlinux.org/people/trusted-user-fellows/#bfanella > > > > So I assumed you must have at one point had access to it, even if > > it's > > been long enough that you have forgotten and/or lost track -- I'm not > > sure offhand what precise role it had at all stages Arch's history. > > Thanks for the help/advice Eli. If I remember correctly, my profile was > filled out by sending the various pieces of information to an > administrator for posting on the site. If I do in fact have access to > archweb, it's not something I could easily get into unfortunately. > > I can also prove ownership of the email account (bradfanella@archlinux. > us) that I sent my original application from in 2010, if that > corroborates my claim. Hello everybody, I kind of feel uncomfortable with this. I think that somebody who has resigned, is not able to sign his mails and seems to ignore requests of doing so, should apply over the normal way like all others do. That would just be fair to all newcomers. If I get this right there is no reliable verification possible for his identity. We should really add a rule for re-application in our TU-Bylaws. Just my 2 cents, Chris signature.asc Description: PGP signature
Re: [aur-general] TU application: Ivy Foster
On Fri, Jan 26, 2018 at 03:23:08PM -0600, Ivy Foster wrote: > # Packages > [..] Hello Ivy, Do you plan to adopt some orphans as well? chris signature.asc Description: PGP signature
