You are not logged in.
Is there a mailing list where arch devs discuss their changes for PKGBUILDs? I'm specifically looking for the reason for the move to mercurial and removal of the GPG key validation in firefox 52.0.1-1.
https://git.archlinux.org/svntogit/pack … c829047671
https://git.archlinux.org/svntogit/pack … es/firefox
Last edited by jodpr (2017-03-23 18:08:27)
Offline
Eh ... you know there's nothing in your title or post that refers to firefox, but apparently that's all you are talking about ... right?
PKGBUILDs have not moved to mercurial. Firefox is now being retrieved from mercurial: you'd have to ask upstream at mozilla why they are using that.
The same is likely the reason for the removal of the key: that has to come from upstream.
You can check the mailing lists if you want. But I don't see anything you are asking about that would be discussed at the arch packaging level.
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
I am also wondering the reason behind this. The Arch PKGBUILD used to retrieve the Firefox sources as a tarball, but now it's cloning Firefox's huge Mercurial repository. It's not grabbing a pre-release revision, and source tarballs are still available at the original location. Why the switch? It's very inconvenient and time consuming to clone such a large repository.
Also, what's the reasoning behind adding !strip and --enable-crashreporter?
Offline
there's a website that has the contact info for the package contributors. most of the recent contributions (since November) have been from Jan Steffens. a quick google search and I had that info at my finger tips, which suggests that the amount of effort you've put into getting this info is zero.
I'm sure that he can take the time out of his busy schedule of volunteering to maintain packages so that you can use them, as well as his normal job and other life activities to answer questions regarding the rationale behind maintaining the package.
Last edited by HiImTye (2017-04-03 22:26:01)
Offline
Someone do please ask and post the reasoning. I am curious as well. Even on a 300 Mbps connection, the time spent on repo cloning is annoyingly noticeable. FWIW, sourcing the tarball still works (obviously) though you will have to match the hash manually. And it builds fine stripped and with -disable-crashreporter (as it has since at least FF 40).
Last edited by adamlau (2017-04-04 05:17:06)
Arch Linux + sway
Debian Testing + GNOME/sway
NetBSD 64-bit + Xfce
Offline
FWIW, heftig mentioned on IRC that he started pulling firefox sources from their VCS because it is necessary to get telemetry working. (This is apparently a known bug in their build system.)
Telemetry is seen as a desired feature... it sort of makes sense you would want Mozilla to get your crash logs on account of it might help them prevent Firefox from crashing the next time.
More generally, this is why commit messages exist, even if they aren't really being utilized properly.
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline