[aur-dev] .SRCINFO: handling of commits lacking an update and in general
Doug Newgard
scimmia at archlinux.info
Sun Jul 26 14:00:05 UTC 2015
On Sun, 26 Jul 2015 14:48:04 +0200
Peter Mattern <pmattern at arcor.de> wrote:
> Hello.
>
> Considering the short time AUR 4 is in use the number of commits lacking
> an update of .SRCINFO seems to be rather high.
> The resulting problem is a cosmetic one only as the actual PKGBUILD
> functionality isn't affected but only the package's web page not updated
> accordingly.
> Yet I wonder whether it would be helpful to reject commits lacking the
> update of .SRCINFO if feasible.
Please don't. What about commits that make changes to the PKGBUILD but require
no changes to .SRCINFO?
> Actually I wonder as well whether it wouldn't even be better to not have
> .SRCINFO written by the packagers before uploading a commit but by
> aurweb when commits are received.
> This would ensure that problems like the one stated above can't happen
> and I for one couldn't figure a downside so far.
The downside is that running random bash scripts (PKGBUILDs) on the server is an
unacceptable security risk. That's the entire reason these metadata files were
created.
Doug
More information about the aur-dev
mailing list