On Wed, Dec 20, 2023, at 5:19 PM, [email protected] wrote: > Here's the summary: > > I uploaded a package that soon got flagged for deletion. There were > multiple reasons stated in the email which got soon accepted afterwards. > I was able to find an email address of the TU and sent him a response to > the claims and even tho they were not valid, namely that ARM only > packages break the rules of the submission guidelines, and that the > package is of low quality due to using curl to fetch pkgver and > checksums, I tried to comply in ways that would eventually make the > package better. I explained that the way AUR handles package updates is > not optimal and that I prefer automated updates over pushing repetitive > git commits. > > After some time have passed I reuploaded a modified PKGBUILD that added > x86 support, after which it was removed again with the reason "Dupe of > [base] linux package". Even tho the pkgurl field has shown it's the > Debian kernel, I've seen this wasn't communicated properly on my behalf > so informed the TU that I'll make a note about the difference in the > package comments section. I pushed a package update after some days and > added the said note and this led to my account being suspended. From my > point of view, I'm being attacked for my effort to resolve issues, but > the expectation is to follow orders rather than obey rules, which is > abusive and also shameful. I have not broken any of the rules despite > being accused of doing so. Meanwhile, only a single person has shown > willingness to help. > > After reading posts of people facing the same or a similar situation, I > was thinking why the Arch community treats its userbase in such a > condescending way and came up with the idea that perhaps it's because > "Arch Linux" is more of a hobby project than it is a commercial > distribution, so there is a sense of ownership and consequently shared > decisions of what "I" want or not to be in it, and therefore no > incentive to keep the users happy. Despite of that, there are better > ways to achieve your goals without the need to be offensive to other > people I think.
As a bystander in this debate, but as a long-time Arch user, I wanted to address a few things here. > ARM only packages break the rules of the submission guidelines I believe you're sort of right here but also sort of wrong. While there's no rule against having architectures other than x86_64, there have been other discussions on this very same list about AUR packages for other Arch-based distros, such as Garuda and Manjaro, and the rule of thumb is that "all uploaded packages must be capable of being built on at least on supported Arch Linux system, and do something useful when installed there" (source <https://lists.archlinux.org/hyperkitty/list/[email protected]/message/DQUVQCWG2HE7MRCQIUYOOJ3ATYNLHKXL/>). When you uploaded a package with only aarch64 as a supported architecture, and the only supported Arch distro is itself which is x86_64, then it's not hard to derive that the package is *not* for Arch Linux proper. > the package is of low quality due to using curl to fetch pkgver and checksums, You shouldn't be using curl for any *any* field in the pkgbuild; it should essentially be a static file with some functions for running prepare, build, and package commands. Anything you may be curling should be pulled ahead of time and placed into the PKGBUILD file. More on that after the next comment... > I explained that the way AUR handles package updates is not optimal and that > I prefer automated updates over pushing repetitive git commits. The AUR handles package updates just fine, it's that your expectation of how it works is wrong. PKGBUILDs aren't supposed to update themselves, that's the job of the maintainer. You, by uploading the package, took on that responsibility of being the maintainer. If you do not want that responsibility, don't upload the package. Also, it's not the job of a singular PKGBUILD to "handle updates"; it shouldn't blindly be fetching some data from a remote source to find things like the version number and checksums. You could very well have scripts that automatically pull the newest version and update the PKGBUILD, which a handful of packages I use actually appear to do to help with updates, but the PKGBUILD itself should be static, a snapshot in time if you will. Additionally, even if you automate the update of PKGBUILD files, you as the maintainer should at the very least be verifying checksums and whatnot to make sure they're correct before uploading. > I pushed a package update after some days and added the said note and this > led to my account being suspended. It's likely because you re-added your package again as "linux-bin" rather than say, "linux-dfsg-bin" as someone suggested earlier in this thread. While the TU may have not mentioned that, they still told you that "linux-bin" was not okay. Now, you might come back and say "well linux-bin doesn't exist in the repos", so you'd be right, however "linux-bin" implies a relationship with the "linux" package, which *does not** *use debian sources, and therefore is named incorrectly anyway. I'm also not sure what you're referring to about "added the said note" as there's no "note" added to your update commit on 12/12. Regardless, the package name was still wrong and should have been corrected. > From my point of view, I'm being attacked for my effort to resolve issues, > but the expectation is to follow orders rather than obey rules, which is > abusive and also shameful. You should read the wiki page entitled "Package Maintainer guidelines <https://wiki.archlinux.org/title/Package_Maintainer_guidelines>"; they are "charged with keeping the AUR in working order", and "should also make an effort to check package submissions in the AUR for malicious code and good PKGBUILDing standards." They're not picking on you, they're simply trying to ensure that the AUR has good hygiene. Everything about your package, including the name, was simply bad, regardless of whether or not it technically worked. So, no it wasn't abusive or shameful. > I have not broken any of the rules despite being accused of doing so. You broke many rules; please read the Arch package guidelines <https://wiki.archlinux.org/title/Arch_package_guidelines>. > Meanwhile, only a single person has shown willingness to help. One thing I learned a long time ago is that you can't and shouldn't infer a person's tone via written speech, as words can be read in a variety of tones; you'll likely pick the one that you think the writer is using and assume that's how you should interpret it. Therefore, you should assume the position that the person communicating with you in this situation is trying to help rather than going straight to a combative stance. The TU and others aren't trying to attack you; that's you interpreting something that's not there. The TUs are just doing the job they've been tasked with doing. > After reading posts of people facing the same or a similar situation, I > was thinking why the Arch community treats its userbase in such a > condescending way and came up with the idea that perhaps it's because > "Arch Linux" is more of a hobby project than it is a commercial > distribution, so there is a sense of ownership and consequently shared > decisions of what "I" want or not to be in it, and therefore no > incentive to keep the users happy. There's a few things to unwrap here. First, I don't think it's condescending that people assume that you've read the documentation before doing things like submitting packages. Lots of work has been put into writing those wiki pages and for someone to come along and break all the rules because they haven't read them comes across a being very disrespectful. Second, if you think commercial distributions are going to just let anyone come along and submit packages, think again. Try submitting the Arch kernel to Debian or Ubuntu; you'll probably just get laughed at and told to go away. Creating packages on Launchpad or OBS isn't the same either; while you can search for packages on the website, and then add those repos to your system, it's not as easy as "yay -S my-package"; it's a completely different type of system. My suggestion for you is: First, contact the TU you've been bad mouthing and apologize, say you didn't understand that they were really trying to help you and that you didn't understand their responsibilities. If English isn't your first language, maybe throw that in there too to help show that it was a genuine misunderstanding. Second, once you've been unsuspended, *before* submitting any more packages to the AUR, maybe post it to this mailing list to get some suggestions, and start the discussion of what the package name should be and whether it even belongs in the AUR in the first place rather than having to get a TU involved after submission. Lastly, ditch the idea that you're going to have the PKGBUILD update itself. As I mentioned, it should effectively be a snapshot in time, with static data. That's not to say you can't automate updating of said PKGBUILD, see this script from the microsoft-edge-stable-bin <https://aur.archlinux.org/cgit/aur.git/tree/update_version.sh?h=microsoft-edge-stable-bin> package as an example. But yes, every time there's an update, you'll have to run your update script and push the new PKGBUILD to the AUR. If that's not acceptable to you, then well just don't upload a package. Just keep the PKGBUILD on your own machine and run a script to automatically check for updates and use said PKGBUILD to build the package. Anyway, thanks for listening.
