Talk:AUR helpers

From ArchWiki
Jump to navigation Jump to search

Expand Secure criteria to include other (non-PKGBUILD) bundled files

[1], in particular [2]

The new criteria would be as follows:

  • PKGBUILD, no other files -> Partial
  • Other subset of files that includes the PKGBUILD -> Partial
  • No PKGBUILD -> No
  • All files in the git repo or tar archive -> Yes

Similar to the Diff view column. -- Alad (talk) 16:32, 4 July 2018 (UTC)

good idea, you also mentioned this for aurman a few months ago, see: really a good idea to implement it in a way, so that changes of all known files are being shown Polygamma (talk) 17:07, 4 July 2018 (UTC)
"All files in the git repo or tar archive -> Yes" What exactly do you mean by all files? Build files often contain non text files such as images. Git diff is smart enough to hide these but then you could consider that partial because not all files are covered.
In my opinion all a helper has to do to be secure it pause and allow the user to read the build files. The helper does not even need to offer to open them for you that's the user's responsibility. Anything more than that is nice to have but not strictly needed. Morganamilo (talk) 20:25, 4 July 2018 (UTC)
If this qualifies as "nice to have", there has to be an explicit warning that a green entry in the "Secure" column does not cover other files, files which may cause more harm than the PKGBUILD itself (such as .install files or exectuables called from the PKGBUILD). In either case it's misleading, since you either give the impression that viewing PKGBUILDs alone is sufficient (with the current criteria), or include a warning that diminguishes the value of the criteria in the first place.
Latter is similar to "Native pacman", in that you have a warning at the article top warning against any sort of pacman wrapping, and criteria in the table that ignore this warning, or even reward behavior which goes against it. -- Alad (talk) 17:07, 8 July 2018 (UTC)
That's a fair point, what about changing the name to "show files before sourcing" or something? Seems more accurate. Then it would make sense that not showing .install files to be partial. The only problem I see that it's not as hard hitting as "secure". Morganamilo (talk) 20:11, 8 July 2018 (UTC)
It cuts both ways: it's an effective deterrent against broken helpers, but it also gives the impression that using a "Secure" helper makes usage of the AUR safe, which it definitely doesn't. I'm not sure on what different name to use, though. -- Alad (talk) 17:25, 14 July 2018 (UTC)
I guess "File view" could work. -- Alad (talk) 17:44, 14 July 2018 (UTC)
The column name was updated to "File review". Are there remaining helpers that only display the PKGBUILD? (trizenAUR springs to mind) -- Alad (talk) 15:30, 23 August 2018 (UTC)
Trizen prompts for "most" files, see [3] and following, closing. -- Alad (talk) 19:07, 18 May 2019 (UTC)

Move warning after the intro

This was previously revered due to unintended change in meaning, so I propose it here:

Warning: AUR helpers are not supported by Arch Linux developers and not present in the official repositories.
In order to be prepared to troubleshoot problems you should become familiar with the manual build process.
  • First you introduce what is AUR helpers, then provide a warning. This is consistent with AUR, Wine articles.
  • Merge warning with last intro sentence.
  • Move troubleshooting out of the warning as separate and final point in the intro.

Hopefully these make sense, wording is not changed much, except word "developer" after "Arch Linux".

-- Svito (talk) 00:33, 10 May 2019 (UTC)

I question changing the text of the warning. The article contains two "helpers" which are in the repos - devtools and aurpublish - a similar mention is already in AUR_Trusted_User_Guidelines#Rules_for_Packages_Entering_the_.5Bcommunity.5D_Repo, and adding "not in the repos" is more redundant than something that adds strength to the existing warning.
As to the location of the warning, I would argue the reverse: move the warnings in articles like AUR up, rather than the warning here down. People acknowledging the warning may decide to not more spend any time on the topic at hand. -- Alad (talk) 18:55, 18 May 2019 (UTC)
Good reasoning. Closing. -- Svito (talk) 23:58, 18 May 2019 (UTC)

Add Raur (rust package) to the list of 'Other's at the bottom.

Hey guys! I'm the lead developer of raur. I was simply wondering if it could be added to the bottom. It seems to be more comprehensive than the existing as it implements the entire interface, as well as all search strategies provided by the interface.

Thanks guys,

DavidBittner (talk) 00:16, 18 May 2019 (UTC) David

I'm hesitant in adding a second project to the page which has no AUR package, but I guess it's part of the "bundle everything" philosophy of these languages... -- Alad (talk) 19:00, 18 May 2019 (UTC)

Legend editions

Special:Diff/573543/573551: Good revert, I did these late into sleepless night and did not notice this were huge and not that thought through changes :/

  • Merge note definitions for partial and optional as part of legends list? This was a mistake, note there exactly makes sense according to style rules.
  • Add known used unsafe flags to legend, add that asterisk means optional, as it may be unclear?
  • Move legend concerning pacman wrappers only inside its section? Alternatively mention these apply only to pacman wrappers, example text:
Unsafe flags
Potentially harmful pacman flags that could be used by #pacman wrappers.
Note: Asterisk means these pacman flags are optionally enabled.
Batch interaction
Ability of #pacman wrappers to prompt before the build process and package transactions, in particular:
  1. Combined summary of repository and AUR package upgrades;
  2. Resolution of package conflicts and choice of providers.

-- Svito (talk) 07:33, 22 May 2019 (UTC)

packer should still be mentioned in the wiki even if it's discontinued

I had no idea where the packer aur package went because **apparently** someone decided to completely remove it from every single mention on the wiki. How was I supposed to know it was discontinued? Do I have to check the edit history just to know? What about all the other people who might still use packer, as there was a fork that has also disappeared in the AUR? Am I supposed to move to a different helper or fork it myself? Absolutely no consideration.

Bu.domino (talk) 11:59, 23 May 2019 (UTC)

It's no longer in the AUR (same for yaourt and countlessly many other helpers which were discontinued over the years). If you want to keep track of this, you can enable email notifications. -- Alad (talk) 15:20, 23 May 2019 (UTC)