Why isn't aurbuild in community?

arooaroo · 2006-03-08 11:57:21

Penguin wrote:

http://aur.archlinux.org/packages.php?K=aurbuild

Time to put this in Community, Penguin. It's got the votes.

Cerebral · 2006-03-08 12:02:55

arooaroo wrote:

Time to put this in Community, Penguin. It's got the votes.

Snowman said it best in the comments on aurbuild's AUR page:

Snowman wrote:

Tools like aurbuild or qpkg will never go in the community repo because they install packages that are unsupported. If they would be in the community repo, some users might get the impression that they can start to install any unsupported package without first examining the PKGBUILD, .install file and other files that comes with them. I'm not saying that aurbuild or qpkg are bad (they can be quite useful) but they will remain in unsupported.

arooaroo · 2006-03-08 12:21:37

Thanks for pointing that out Cerebral, I hadn't read all the comments.

That's a real shame as I think it's the wrong decision. Is this just Penguin's decision, or one that was decided much higher up?

If I ever get around to putting AUR support in to Jacman, I fully expect Jacman to remain in Community. I personally don't see the dilemma. What I'm assuming is that because the user has to go through the steps of installing aurbuild manually, the user is fully aware that they are installing an app that allows them to install unsupported packages.

But if I enable the Community repo, and then pacman -S aurbuild, then I'm not aware of this? If a user installs aurbuild through pacman, they are less likely to consider checking through the PKGBUILD or .install. I don't get the logic.

T-Dawg · 2006-03-08 14:05:19

The decision was not mine and I have no powers to AUR to do so. There's no use in pointing fingers at one person, it was a decision approved by all the TU's. I knew fully well when I wrote this that a movement into [community] repo could be desputed because of what it does, so none of this really bothers me.
The only downside to not being in community repo is that it is not as easy to install through pacman. As far as keeping it up-to-date, it is just as easy using aurbuild's --upgrade switch.

arooaroo · 2006-03-08 14:16:38

Penguin wrote:

The decision was not mine and I have no powers to AUR to do so. There's no use in pointing fingers at one person, it was a decision approved by all the TU's. I knew fully well when I wrote this that a movement into [community] repo could be desputed because of what it does, so none of this really bothers me.
The only downside to not being in community repo is that it is not as easy to install through pacman. As far as keeping it up-to-date, it is just as easy using aurbuild's --upgrade switch.

Thanks for clarifying Penguin.

I think that's a real shame though. The only time installing packages has had a bad effect to me is through upgrading official core packages via pacman (kernel, udev, various libs, xorg, ...). Any user is more than capable of causing trouble without touching the AUR. Perhaps the rm command ought to be omitted by default, as it may cause problems, and make users who really need it to compile it themselves!

Thank god I'm protected from easily installing packages from the AUR

This is not a dig at you, Penguin. Thanks a lot for making such a cool app.

Dusty · 2006-03-08 16:34:25

I think more and more people are using aurbuild unofficially. and that it will eventually become accepted. The TUs have already gone in the direction of making aurbuild safer by flagging packages as safe (beats the hell out of me why an automated build system couldn't put safe packages in a pacmannable repository....). I think this political issue will eventually just disappear as the TUs start to trust their own system. :-D More votes for aurbuild may also remind them that people want it in ocmmunity, even if they think they know better.

As a general rule, Archers are pretty smart, and should know to check their PKGBUILDs before installing. On the other hand, if they're that smart, they can figure out how to intsall aurbuild using makepkg. Keeping it out of community ensures you have some knowledge before you install it.

I suppose a compromise would be to put a restricted version of aurbuild taht only installs safe packages in community and leave the full version in unsupported.

pacman -S aurbuild-safe
aurbuild-safe -s aurbuild

:-D

Dusty

arooaroo · 2006-03-08 16:42:08

Dusty wrote:

pacman -S aurbuild-safe
aurbuild-safe -s aurbuild
:-D
Dusty

LOL!

Seriously, it's a fair approach.

It's my view that after all the great work that has been done to get the AUR up and running, and to make it the success it already is, the next step is to improve access to it and make it simpler to install the packages that are stored there.

Cerebral · 2006-03-08 21:06:57

From my standpoint (and I wasn't involved in the original decision, I became a TU after it was made) the reason aurbuild is kept out of [community] is not because we're trying to protect users from themselves, but simply because AUR is two parts: unsupported and community.

Community contains packages that are supported by the TUs - anything in community is checked, built, and tested by us before it gets in there.

Unsupported contains, by definition, packages that are not supported by any 'official' representitive of Arch. We just don't support them. If we want to support one, we pull it into community.

This is where the problem arises with aurbuild - this application specifically supports 'unsupported' packages - if we pull it into community, that's providing 'official' support for packages we DON'T officially support, and that's the dig.

As far as an automated build system goes, I'm strongly against that idea. TU's flag packages as safe based on their PKGBUILDs - but we don't normally test to ensure the packages build correctly, run correctly, or anything of that sort, just to make sure there isn't anything malicious in the PKGBUILD or included script files.

Anyway, that's my personal view on it. As I said before, I wasn't a part of the original decision, so I don't know the 'real' reason it's kept out, but I agree with it nonetheless.

Dusty · 2006-03-08 21:29:23

Cerebral wrote:

This is where the problem arises with aurbuild - this application specifically supports 'unsupported' packages - if we pull it into community, that's providing 'official' support for packages we DON'T officially support, and that's the dig.

IMNSHO, that's utter crap. Do we provide official support for Skype? Its in community with the most votes. If something goes wrong with your skype player, its not the TU's faut. A better example would be azureus, which is now in extra. When it was in community, was it the TU's responsibility to ensure that the users are not downloading copyrighted material using Azureus? Is it for this reason that limewire is not promoted to community?

How then, is it the TU's responsibility to ensure users are not downloading unsafe PKGBUILD's? If its anybody's fault, its the original developer (Penguin, you're looking for a lawsuit!!), not the guy who puts it in community. Just because its there doesn't mean its got official support from anyone. Its a useful tool, it could be dangerous, but that's up to the users. Users are going to use it anyway -- its a matter of convenience whether it is in community or not, not a matter of support.

Dusty

Cerebral · 2006-03-08 22:31:58

Dusty, I think you missed my meaning.

I never said we supported the apps, I said we supported the packages, which is an important difference.

Do we provide official support for Skype? No. But swiergot provides official support for the Skype package in community - if there's a problem with the package (ie. bad dependencies, new version of skype available, etc...), swiergot will jump on that and fix it up, then upload a new version probably pretty quickly.

However, with a package in unsupported, nobody but the person who uploaded the package, and sometimes not even that person, supports the package; there's no guarantee the PKGBUILD will ever be touched again after its initial upload.

Take the update to Xorg 7 as a big example - many dependencies on many packages in the AUR needed to be updated. I bet dollars to donuts (note: haven't actually checked) that the packages in community got updated, and are hopefully all fixed in that regard by now - however I've found many packages in unsupported which still depend on 'xorg' or 'x-server'.

How then, is it the TU's responsibility to ensure users are not downloading unsafe PKGBUILDS?

I already replied to this. I said we're NOT trying to protect users from themselves - it's just a matter of saying "I support this package" vs. "We don't support this package" - plain and simple. No moral high-ground, no "protection", no 'worries of lawsuits' or whatever, no meaning besides that attached at all - just us saying "Hey, if there's an update to this package in unsupported or it doesn't compile with gcc4 or something, then we aren't going to fix it; that's up to somebody else."

Standard postfix: This has been my opinion, which is not necessarily the opinion of all TUs.

arooaroo · 2006-03-08 22:37:49

Hang on a minute.

* AUR set up to store user contributed packages. The vast majority will be unsupported.
* To use the AUR, one must browse the site (or search), download the PKGBUILD (or tar), run makepkg (having made sure that you've installed ABS) and install.
* aurbuild is developed to streamline the task.
* aurbuild is deemed risky because you can build unsupported pacakges, thus will never enter Community.

Can we infer that ABS's position is now being reconsidered?

The definition of "supported" seems to be ambiguous. In my mind, "supported" in this context means that there is a dev who's happy to package, make sure it works, and update it when necessary. There are many "supported" packages that you could install and bugger up your system quite quickly. (Many of us have been caught out with some funky rm usage, or a bit of bash scripting, gone wrong).

aurbuild doesn't come preinstalled. It means that the user must know about AUR, must know aurbuild exists and what it does. It's fair to assume at that point the user knows that they are potentially installing unsupported packages.

I'm sure Penguin would agree to ensuring there are safeguards where the user is well notified if they are about to install a package not yet tagged as safe, etc.

I just think it's a bit pointless, building up the AUR and then saying, heck, it's nice, but don't trust it.

arooaroo · 2006-03-08 22:41:24

Cerebral wrote:

I already replied to this. I said we're NOT trying to protect users from themselves - it's just a matter of saying "I support this package" vs. "We don't support this package" - plain and simple. No moral high-ground, no "protection", no 'worries of lawsuits' or whatever, no meaning besides that attached at all - just us saying "Hey, if there's an update to this package in unsupported or it doesn't compile with gcc4 or something, then we aren't going to fix it; that's up to somebody else.".

So that's ok then. aurbuild is deemed as "safe". I don't see that automatically infers that the packages it grabs are "supported" if aurbuild makes it into Community.

Dusty · 2006-03-08 22:55:11

Cerebral wrote:

Do we provide official support for Skype? No. But swiergot provides official support for the Skype package in community - if there's a problem with the package (ie. bad dependencies, new version of skype available, etc...), swiergot will jump on that and fix it up, then upload a new version probably pretty quickly.

Someone was willing to support the aurbuild package. Then someone else said it shouldn't be in community. Supporting it as a package is apparently not the issue.

Dusty

Cerebral · 2006-03-08 22:57:26

dusty - if you're still floating around, I'm thinking maybe aurbuild-in-community discussion should be split into its own thread, so this one can be kept to discuss updates and feature requests for the app itself? I'd rather not bog down this thread with it much further.

(edit) heh, I guess you are still floating around, you just got in before me.

Cerebral · 2006-03-09 03:37:24

Well, back from my night class. Probably good I stood up and walked away for a bit, gave me time to think.

Dusty, thanks for the split. You're my hero.

First, before I say anything else, I want to make it crystal clear that my opinions aren't based on a lack of trust, or some notion that aurbuild is an inherently 'unsafe' or 'bad' program - to the contrary, I use aurbuild frequently and find it a terribly useful application that's well designed from a user standpoint.

Having said that, Dusty, I think I know where you were coming from with your Skype argument, which I missed before - and here I was saying you missed my meaning!

But you're right, in my mind, the argument is based more on what aurbuild does than the fact that nobody wants to adopt it. The more I think about it, I admit, the less I feel this is as clear-cut a case as I originally figured.

However, I see aurbuild as being fundamentally different from applications like skype or azureus in that it's designed to be an ArchLinux-specific tool, specifically created to pull unsupported packages and install them, and such a tool if brought into the official community repo could cause confusion in the distinction between community and unsupported - if community has an app that directly installs from unsupported, then what's the point of unsupported? Additionally, I could see some newer users starting to file bugs for unsupported apps, simply because there was an 'official' route install them. Weaker-sounding arguments, I admit, and I do recognize the flaws them, but they are still along the same vein as before.

I still think unsupported is the right place for aurbuild to be. However, I agree it is a wonderful app... maybe if I turn this around: I think I understand where you're coming from, but for the sake of clearing everything up maybe you could say why is it you are all so insistent it gets into community? Simply so it can be managed through pacman, or is there a deeper reason?

Dusty · 2006-03-09 04:42:48

Cerebral wrote:

arooaroo wrote:
Time to put this in Community, Penguin. It's got the votes.
Snowman said it best in the comments on aurbuild's AUR page:
Snowman wrote:
Tools like aurbuild or qpkg will never go in the community repo because they install packages that are unsupported. If they would be in the community repo, some users might get the impression that they can start to install any unsupported package without first examining the PKGBUILD, .install file and other files that comes with them. I'm not saying that aurbuild or qpkg are bad (they can be quite useful) but they will remain in unsupported.

Keep in mind the above, which you quoted yourself as being the actual reason aurbuild isn't in community. No sense arguing in circles

Now, I never actually meant aurbuild to go into community when I wrote it. I also didn't mean for Tyler to rewrite it twice and turn it into something useable. Its actually funny that I should argue it should go in community now. I'm not actually arguing for that, come tot hink of it. I have aurbuild installed, I use it sometimes, I can update it with itself, it will never affect me whether others can install it from pacman or not. ;-) Of course, Penguin does have a repo for it (I think), so it can be installed from pacman...

The arguments you've given, however, can be turned exactly 180 degrees to support another thing I am strongly in favour of: More unsupported packages going into community, which means more TUs. If there were more unsupported packages in community, fewer users would need unsupported packages, and aurbuild would thus be less necessary and less talked about. I'm surprised at the number of packages I use regularly that don't have many votes -- does it mean I use strange packages or that people never vote? Regardless, more packages in community means fewer in unsupported.

wonder if I'll have to split this again....

Dusty

Cerebral · 2006-03-09 06:01:34

Dusty wrote:

Keep in mind the above, which you quoted yourself as being the actual reason aurbuild isn't in community. No sense arguing in circles

Yeah... I started by expressing my own opinions on it, then realized I started going in circles and kinda... yeah. That's actually why I tried to turn it around into a "I'm going to stop arguing against it going into community, how about you tell me why you want it in community" thing... but one post too late, I was caught! :shock:

The arguments you've given, however, can be turned exactly 180 degrees to support another thing I am strongly in favour of: More unsupported packages going into community, which means more TUs.

No argument from me. I've got only a handful of packages in community right now, I'm looking at a couple more, but I can only take on so much while school's still on. More TU's would be awesome.

wonder if I'll have to split this again....

You know, the best kind of pie is apple, hands down.

Dusty · 2006-03-09 18:06:33

No argument about the pie.

Yet again, I want to know what happend to the idea of using arch-stats to monitor which packages are popular, and not just a voting system?

Dusty

Arch Linux

#1 2006-03-08 11:57:21

Why isn't aurbuild in community?

#2 2006-03-08 12:02:55

Re: Why isn't aurbuild in community?

#3 2006-03-08 12:21:37

Re: Why isn't aurbuild in community?

#4 2006-03-08 14:05:19

Re: Why isn't aurbuild in community?

#5 2006-03-08 14:16:38

Re: Why isn't aurbuild in community?

#6 2006-03-08 16:34:25

Re: Why isn't aurbuild in community?

#7 2006-03-08 16:42:08

Re: Why isn't aurbuild in community?

#8 2006-03-08 21:06:57

Re: Why isn't aurbuild in community?

#9 2006-03-08 21:29:23

Re: Why isn't aurbuild in community?

#10 2006-03-08 22:31:58

Re: Why isn't aurbuild in community?

#11 2006-03-08 22:37:49

Re: Why isn't aurbuild in community?

#12 2006-03-08 22:41:24

Re: Why isn't aurbuild in community?

#13 2006-03-08 22:55:11

Re: Why isn't aurbuild in community?

#14 2006-03-08 22:57:26

Re: Why isn't aurbuild in community?

#15 2006-03-09 03:37:24

Re: Why isn't aurbuild in community?

#16 2006-03-09 04:42:48

Re: Why isn't aurbuild in community?

#17 2006-03-09 06:01:34

Re: Why isn't aurbuild in community?

#18 2006-03-09 18:06:33

Re: Why isn't aurbuild in community?

Board footer