Re: [aur-general] FYI: New packages have to be signed
Just wondering, as a user, does this mean Pacman will now complain if one builds and installs unsigned packages from the AUR? Smartboy On Tue, Nov 1, 2011 at 7:40 AM, Pierre Schmitz pie...@archlinux.de wrote: Hi all, as discussed all new packages have to be signed from now on. This mean that if you use a build server you have to download the package to create the signature. Also see https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages A new version of devtools will follow soon. Greetings, Pierre -- Pierre Schmitz, http://pierre-schmitz.com
Re: [aur-general] FYI: New packages have to be signed
Alright, disregard my reply. Sorry. ^^; Smartboy
Re: [aur-general] Acne treatments
Ok can someone please remove this person from the mailing list?
Re: [aur-general] AUR Copyright
On 02/10/2011 04:25 AM, Michael Schubert wrote: I think there is one issue most people are overlooking: licensing is *not* the same as ownership. Ownership allows you to release your code under any license you want and other users are able to use it under the terms of the license. Do not make the error of wanting to transfer ownership instead of just a license release. Also, I fully agree with Peter Lewis' sentiments 2 posts ago: it is dull, but important to get right. Adding to that, a license on an individual PKGBUILD may not be enforcable (since it is unlikely to reach the complexity threshold), however, given the vast amount of scripts in the AUR database as a whole, they will be. Thus I would propose an uploads are licensed under [...] next to the submit button, which should sufficiently cover the issue. My general thoughts: - PKGBUILDs should be freely distributable - Attribution of the previous authors should be mandatory - Commercial exploitation (i.e., using/modifying without giving anything back) should not be possible These points are all covered by the GPL. Plus it would be simple since most of Arch is already under that license. BSD won't cover the third. Public domain won't cover points 2 and 3. Thus, I think GPL would be the (only) right choice. 2011/2/10 Xynex...@archlinux.ca On 2011-02-07 09:13 -0200 (06:1) Bernardo Barros wrote: 2011/2/6 Ray Rashifsc...@archlinux.org: # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 But Arch is a legal entity? Can we put Arch as the copyright holder? That would make it possible for Arch to prevent packagers from distributing their own packages. It would almost certainly never happen, but naive optimism is a bad thing. I have seen OSS projects sell out to corporations before. That's also why I remove the or any later version clause from anything that I release under the GPL. No one can guarantee that there will never be a major loophole in a future version, or that all future versions will be in the same spirit. What I do not like about the GPL is that it forces people to republish derivative works under the GPL license, rather than under another license. As long as the maintainer (aka copyright holder) are allowed to specify their own license then I'd be fine with it, though. Smartboy
Re: [aur-general] aur website default ssl
On 10/30/2010 04:42 AM, Philipp Überbacher wrote: Excerpts from Justin Davis's message of 2010-10-29 20:25:26 +0200: I'm glad I sparked a discussion! I however am still on the decidedly non-paranoid side. Yes I know how man in the middle attacks work. Yes I understand it's possible. No I don't think it's likely. Basically because there is no money involved. Take that as naivete or ignorance if you want but I'm not jumping on the bandwagon. Everyone has taken a technical low-level look at the problem but my point of view is a little broader. The AUR security model is so weak as it is. Anyone can upload any package to run arbitrary code on your machine. Just slapping on https as if to say we're secure now! doesn't make me feel more secure. If someone wants to mess with me they don't have to hijack my connection they just upload a bad package. Just to be clear I think the freedom of allowing anyone to upload a package is a good thing and worth the security risk. I haven't been bitten by any malicious packages so far though I usually check them. HTTPS is great, feel free to use it. Switching it to mandatory and telling me how much better off I am seems a bit like evangelism. I don't think HTTPS is bad I just think forcing everything to HTTPS is a lazier than fixing the login to use HTTPS. Yes people can sniff my session id to just about any site I visit. Session IDs change. Sniffing a password is much more dangerous. Passwords are personal property. Passwords can be reused... like on other ArchLinux sites. Often enough, and AUR is an example, it's sufficient to be logged in to change the current password. Knowing the session ID is thus almost equivalent to knowing the password. Yes, but one thing keeps coming up in my mind: how many people would actually DO this? It isn't like the AUR is that big a target, most PKGBUILDs aren't that big a target and I doubt a hacker would go out of their way to track one of the maintainers, wait for them to go to a public network, then get their session id. If it were one of the binary repos, I'd understand, but at this point it just seems like Fear, Uncertainty, and Doubt have visited once again. Smartboy
[aur-general] Please delete aptana-studio
Hello, Today I noticed that in AUR there are two packages which seem to do the same thing, one named Aptana[1] and the other Aptana-Studio[2]. Looks like Aptana-Studio is much newer than Aptana with fewer votes, and was created initially instead of ophraning Aptana. Therefore, I propose Aptana-Studio to be deleted. Thanks, Smartboy [1] http://aur.archlinux.org/packages.php?ID=7147 [2] http://aur.archlinux.org/packages.php?ID=31634
Re: [aur-general] Please delete aptana-studio
On 10/24/2010 10:06 AM, Ray Rashif wrote: 2010/10/24 Lukáš Jirkovskýl.jirkov...@gmail.com: On 24 October 2010 17:42, Smartboysmartboyath...@gmail.com wrote: Hello, Today I noticed that in AUR there are two packages which seem to do the same thing, one named Aptana[1] and the other Aptana-Studio[2]. Looks like Aptana-Studio is much newer than Aptana with fewer votes, and was created initially instead of ophraning Aptana. Therefore, I propose Aptana-Studio to be deleted. Thanks, Smartboy [1] http://aur.archlinux.org/packages.php?ID=7147 [2] http://aur.archlinux.org/packages.php?ID=31634 Aptana-Studio has much better PKGBUILD. And it's got the right name. Aptana is the company. Then should Aptana be deleted? Seems confusing to me to have both Aptana and Aptana-Studio which do the same thing. Smartboy
Re: [aur-general] Orphaning request - chromium-beta and clamav-devel
On 09/23/2010 04:30 PM, Ng Oon-Ee wrote: On Thu, 2010-09-23 at 17:38 -0500, Brad Fanella wrote: On Thu, Sep 23, 2010 at 5:30 PM, Ray Rashif sc...@archlinux.org wrote: On 24 September 2010 05:34, Brad Fanella bradfane...@archlinux.us wrote: I don't think what I'm saying here is being clearly understood. :-( Sorry, I missed the whole Det business. All in all, that kind of contribution (what Det appears to be doing) is not encouraged, but it _is_ somewhat of a contribution. From the way I see it, he's just a concerned party, preemptive about the fate of a particular package. It's fine. :-) I just wanted someone to confirm my sanity! Note to readers: This is not implying that help on the AUR is not appriciated; rather, if you are going to update a package multiple times, please adopt it to make life easier. And use orphan requests as a last resort! Thanks, Brad This is where 'multiple owners' of a package would be useful (I know its already been discussed a week ago). Besides the maintainer assigning a secondary maintainer, some maintainers could perhaps be given to option to say, in effect, anyone interested can be my second maintainer, but that person's maintainership does not affect the maintainership of the first maintainer. Or something like that... The reason I've seen against that is that someone could edit a PKGBUILD in order to include malicious content (not like they couldn't do it already, though only with new/orphaned packages). Overall I do think that the ability to allow multiple maintainers would be a good idea since it allows for group collaboration (similar to how subversion repositories allow multiple maintainers). Smartboy
Re: [aur-general] pastebinit: packager MIA
On 09/12/2010 10:08 AM, Bernhard Walle wrote: * François Boulogne boulogn...@gmail.com [2010-09-12 18:31]: The following package http://aur.archlinux.org/packages.php?ID=14710 for pastebinit is no longer maintained. I sent an email to the PKGBUILD author, he didn't reply me; so I guess he is MIA. Just for interest: What is MIA? Regards, Bernhard M(issing) I(n) A(ction) :) Smartboy
Re: [aur-general] Aptana and ELF Files
On 09/01/2010 03:42 PM, Nathan O wrote: Currently I have adopted Aptana and updated it to a nicer PKGBUILD. Namcap gives me that ELF files are outside of a valid path. The way Aptana is packaged, it seems you would need to copy the source directory to another directory on the system, for example /opt/${pkgname}. Since you can't compile the program and if you seperate the files or directories, the program would not very likely run. What should I do? Ignore it, or put the files/directories in another location besides /opt? As a former maintainer, I found putting the files in /opt and using proper scripts/symlinks worked best for it. I've seen other binary packages (for example Enemy Territory: Quake Wars) use this, and it works for them. Smartboy
Re: [aur-general] Desktube
On 08/25/2010 09:32 PM, Nathan O wrote: I am wondering should Desktube be deleted http://aur.archlinux.org/packages.php?ID=24581 ? Currently the home page states that they are working on a newer version and the location for the download redirects to the homepage. I have searched for an alternative download location, but currently I only see the old version of Desktube. I found one that is for version 1.0, but it redirects to the homepage of Desktube. My opinion is that maybe it should be deleted and somebody will probably re-add Desktube into AUR whenever the new version is released(if ever). Yes it is old, but it is available at Brothersoft http://www.brothersoft.com/desktube-223167.html. I'm no TU, but I'd say it can be deleted, since it is easy enough to run DeskTube from the air file. Smartboy
Re: [aur-general] A slew of deprecated packages (none of which are mine)
On 08/24/2010 06:31 PM, Nathan O wrote: On Tue, Aug 24, 2010 at 8:29 PM, Brad Fanella bradfane...@archlinux.uswrote: On Aug 24, 2010, at 8:24 PM, Nathan O ndowens@gmail.com wrote: On Tue, Aug 24, 2010 at 8:22 PM, Brad Fanella bradfane...@archlinux.us wrote: On Aug 24, 2010, at 8:15 PM, Nathan O ndowens@gmail.com wrote: If I remember correctly, Songbird is not going to release anymore updates for the Linux version. That is if they don't change their minds. From what I have read in their FAQs and other discussions, they don't plan on ever supporting Linux again. They are, in my opinion, going to lose some user base Not a very large one though. I think with the small market share Linux has, it's more trouble than it's worth for them. It maybe, though it would be nice to have something like that around I believe. There is always Nightingale, the fork of Songbird which runs on Linux. Smartboy
Re: [aur-general] C++ problem with conflicting declarations
On Thu, Nov 12, 2009 at 11:21 AM, Stefan Husmann stefan-husm...@t-online.de wrote: Hello, when I try to compile xaralx I get In file included from /usr/include/glib-2.0/gio/gio.h:28, from /usr/include/gtk-2.0/gdk/gdkapplaunchcontext.h:30, from /usr/include/gtk-2.0/gdk/gdk.h:32, from /usr/include/gtk-2.0/gtk/gtk.h:32, from ftfonts.cpp:125: /usr/include/glib-2.0/gio/giotypes.h:120: error: conflicting declaration 'typedef struct _GSocket GSocket' /usr/include/wx-2.8/wx/unix/gsockunx.h:41: error: 'class GSocket' has a previous declaration as 'class GSocket' ftfonts.cpp: In static member function 'static BOOL FTFontMan::CacheFontCore(String_64*, BOOL)': ftfonts.cpp:262: warning: deprecated conversion from string constant to 'char*' ftfonts.cpp:262: warning: deprecated conversion from string constant to 'TCHAR*' ftfonts.cpp:288: warning: deprecated conversion from string constant to 'char*' ftfonts.cpp:288: warning: deprecated conversion from string constant to 'TCHAR*' ftfonts.cpp: In static member function 'static FTFont* FTFontMan::CreateNewFont(String_64*, FontClass)': ftfonts.cpp:703: warning: deprecated conversion from string constant to 'char*' ftfonts.cpp:703: warning: deprecated conversion from string constant to 'TCHAR*' make[2]: *** [libwxOil_a-ftfonts.o] Error 1 make[2]: Leaving directory `/home/haawda/paketierung/maintained_by_me/xaralx/src/XaraLX-0.7r1785/wxOil' make[1]: *** [all] Error 2 make[1]: Leaving directory `/home/haawda/paketierung/maintained_by_me/xaralx/src/XaraLX-0.7r1785/wxOil' make: *** [all-recursive] Error 1 /usr/include/glib-2.0/gio/giotypes.h is included in glib2, /usr/include/wx-2.8/wx/unix/gsockunx.h is included in wxgtk. What is to do in such cases? Is this a bug in glib2 or in wxgtk? Regards Stefan The problem may be bitrot. The latest Xara Linux package was released 3 years ago, and since then not much has been done to maintain it. Smartboy
Re: [aur-general] xulrunner in AUR and extra?
I know it used to be required for Aptana, which is why it was uploaded (I think). Now it isn't required by it anymore, though. Smartboy On Mon, Oct 26, 2009 at 10:25 PM, Eric Bélanger snowmanisc...@gmail.comwrote: On Tue, Oct 27, 2009 at 12:07 AM, Phillip Smith arch-gene...@fukawi2.nl wrote: I'm going through the orphans list in the AUR at the moment looking for packages to adopt, and came across xulrunner. Given then xulrunner is now in extra, shouldn't it be removed from the AUR? The package in AUR is xulrunner-1.8, not xulrunner. I guess it's there because it is (was?) required for apps that didn't worked with the latest xulrunner.
[aur-general] Some packages to consider deleting...
I went through parts of AUR today intending to find some packages which could be deleted for various reasons. Here is what I got: audacious-beta http://aur.archlinux.org/packages.php?ID=26394, audacious-plugins-beta http://aur.archlinux.org/packages.php?ID=26395: Its an old, unmaintained version of Audacious. The version in the repos is 2 minor versions ahead of this one. I think it can safely be removed without hurting anything. bang http://aur.archlinux.org/packages.php?ID=15238: This hasn't been maintained upstream for a while, and doesn't even build anymore. There is always Ecomorph, which is somewhat more maintained upstream. beryl-bmenu, beryl-desktopclick, beryl-screensaver: Beryl isn't available for Arch anymore, and hasn't been developed for over 2 years now. These can be removed. cairo-newspr http://aur.archlinux.org/packages.php?ID=16587: Gentoo isn't even using the patches anymore, and the maintainer abandoned it. I see no reason for this package to stick around. catalyst-vanilla http://aur.archlinux.org/packages.php?ID=24451: Old, unmaintained, a duplicate of the catalyst pkgbuild, and the old maintainer even asked for it to be deleted in the comments. Those should be reason enough to delete this PKGBUILD. ejourn http://aur.archlinux.org/packages.php?ID=2772: Project page is down, with the program innacessable. Package hasn't been updated in 3 years. It should be deleted. enna-cvs http://aur.archlinux.org/packages.php?ID=14653: e17 switched to svn long ago. This should be deleted. php4-gtk http://aur.archlinux.org/packages.php?ID=730: This is for php version 4, which isn't available in arch. Hasn't been updated in years. qtpoveditor http://aur.archlinux.org/packages.php?ID=2719: Doesn't work anymore, and isn't supported either. rstatd http://aur.archlinux.org/packages.php?ID=2557: Doesn't work anymore, program itself last updated in 2005. Hope this helps make AUR just a little bit cleaner. ;) Smartboy
Re: [aur-general] Adding a .deb packaged application to the AUR
On Fri, Sep 18, 2009 at 12:09 PM, Jeff Horelick jdho...@gmail.com wrote: Hello Listmates, I have a package here i'd really like to add to the AUR. The problem is that its packaged in a .deb. How would i go about packaging this for Arch? Feel free to just point at: Look at this other package or Read this wiki page. In case some of you guys don't know the formmat that a .deb is in: An ar archive, inside there are 2 tarballs, one called control.tar.gz which for our purposes can be mostly ignored and one called data.tar.gz which has the actual application files laid out in the directory structure of the system similar to a Arch final binary package. (usr/bin/stuff, usr/share/stuff and so on). Or would it be easier for me to just setup a GitHub or BitBucket account, drop all the source files on there and simply make a hg or git package? (For the record and all, it's not my project, but it is GPLv2 so) Use deb2targz to convert it to a binary suitable for integration with a pkgbuild. It would be better to just put the source files in GitHub, though, as using sources is preferred over binaries in Arch. If you want an example of a PKGBUILD which converts a binary deb package to a tar.gz, see my oz-e17-tools packagehttp://aur.archlinux.org/packages.php?ID=23227 . Smartboy
Re: [aur-general] Incrementing pkgrel
On Fri, Aug 7, 2009 at 3:48 PM, Nicola Fontana n...@entidi.it wrote: Hi all, what is the common practice when facing a PKGBUILD update that does not change the final binary package nor the dependency tree (let's say, a type in an echo message or a wrong # Contributor: line)? Do I have to increment the pkgrel value anyway? This is the guilty PKGBUILD: it is pretty straightforward but... just in case I have made some other stupid mistake. http://aur.archlinux.org/packages/gtk2panel/gtk2panel/PKGBUILD Thanks in advance. -- Nicola In order for it to be updated in AUR, you need to at least increment the PKGBUILD's pkgrel by one. Otherwise it won't update it.
Re: [aur-general] AUR Moving
On Mon, Jun 29, 2009 at 2:09 PM, Aaron Griffin aaronmgrif...@gmail.comwrote: Is anyone from North America having issues? Is it a continental thing? No trouble here, it pings just fine here in Washington state. --- aur.archlinux.org ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 9025ms rtt min/avg/max/mdev = 72.044/74.287/78.242/1.592 ms
Re: [aur-general] fspclient PKGBUILD
On Thu, Jun 25, 2009 at 3:31 PM, nathan owe. ndowen...@gmail.com wrote: ok. well i guess i can copy the fsprc file to /usr/share/fsp/ and make a install script to let the users know where to get the file and how to do it? Ronald van Haren wrote: On Fri, Jun 26, 2009 at 12:25 AM, nathan owe. ndowen...@gmail.com wrote: can i do install -dm755 $srcdir/fsprc $pkgdir$HOME/.fsprc i tried install -dm755 $srcdir/fsprc $pkgdir~/.fsprc but it wouldn't install it to the $HOME dir you shouldn't install files to the users home directory Ronald Yes, that is the more proper thing to do.
Re: [aur-general] doc dir
On Wed, Jun 10, 2009 at 4:38 PM, nathan owe. ndowen...@gmail.com wrote: nathan owe. wrote: nathan owe. wrote: nathan owe. wrote: i used namcap and it is saying the package uses a non standard dir /usr/doc. this is probably wrong but i know how to make it tell where the mandir is, so i tried docdir={$pkgname}/usr/share/doc how can i fix this thanks nm i think i found my mistake maybe nope still wants to install the docs to a non standard dir. and i seen the mandir={$pkgdir} instead of pkgname so how do i tell it where to install the docs at You can always move the docs manually if all else fails. Just use install to move it. Not very clean, but it works for the time being. Smartboy
[aur-general] Please delete my package...
I accidentally uploaded the package with the wrong name (forgot the -git). I uploaded it again with the right name. Please delete it. :) Smartboy
[aur-general] Wasn't Community supposed to be removed from AUR?
Weren't community packages supposed to be removed from AUR? I thought there was consensus months ago to remove it. Smartboy
Re: [aur-general] Can't adopt mysql-gui-tools
On Sun, Mar 15, 2009 at 2:48 PM, Ali H. Caliskan ali.h.calis...@gmail.com wrote: Hi, I can't adopt the orphaned mysql-gui-tools package. http://aur.archlinux.org/packages.php?ID=9126 ali That is because it is a community package (not an unsupported one). Perhaps one of the TUs can move it to unsupported. Smartboy
Re: [aur-general] status moving to official db scripts?
On Thu, Mar 5, 2009 at 2:48 PM, Evangelos Foutras foutre...@gmail.com wrote: On Fri, Mar 6, 2009 at 12:43 AM, Allan McRae al...@archlinux.org wrote: But given I don't want them there, I agree that we decided [community] does not need AUR! Agreed. In my opinion, AUR should be used for unsupported packages only. So then would we include the community packages at http://www.archlinux.org/packages/ ? I kind of like that idea, keeps things separate. Smartboy
[aur-general] Request for deletion of ecomorph-* packages
A new version of ecomorph is out, and the GIT is out of date right now. I have created a new ecomorph package for these, and the others (which are now out of date, broken, and were already orphaned) need to be deleted. Thanks, Smartboy