You are not logged in.

#51 2007-01-22 17:47:06

phrakture
Arch Overlord
From: behind you
Registered: 2003-10-29
Posts: 7,879
Website

Re: It's time to start something new, AUR2

sh__ wrote:
phrakture wrote:

Again, I never thought much about it... just rolled it around in my head.  With a system like this, adding a trust network to the AUR might be cool.  Perhaps we could implement some system like: if the user is trusted by > 10 users, allow them to upload binaries... /me wonders

Better make it like

if the user is trusted by > 10 already-trusted-users

Otherwise someone could create a number of dummy accounts, set his account as trusted by all of them, and then pollute AUR with trojaned binaries.

Good point.  It's obvious, but I just didn't think of that when I wrote the above.

Offline

#52 2007-02-03 07:30:54

mOLOk
Member
From: Milan, Italy
Registered: 2005-08-09
Posts: 20
Website

Re: It's time to start something new, AUR2

I'd like to have a difference between "unchecked" "bad PKGBUILD" and "safe".
With "bad" I don't mean "dangerous", but just not guidelines compliant.
If a PKGBUILD is dangerouse we simply delete it.
Moreover would be great to list only "unchecked" packages, so we (TUs) can
check them faster,
If a package is marked as "bad package" I won't check it twice and I'll save time.
Just my 2 euro cents.

Last edited by mOLOk (2007-02-03 07:32:21)

Offline

#53 2007-02-03 14:17:08

wizzomafizzo
Member
From: Australia
Registered: 2005-12-05
Posts: 53
Website

Re: It's time to start something new, AUR2

I think a nice feature would also be a comments column in the search page like the number of votes. Then you could check any new comments without going into the details page.

Offline

#54 2007-04-14 17:10:01

Xilon
Member
Registered: 2007-01-01
Posts: 243

Re: It's time to start something new, AUR2

Hmm I've been searching the ML and this thread for any info on how to get involved with the development (if at all possible). I'm quite experienced as a PHP web developer, but I have done little with python (no webdev), I am very interested in learning it, and django, though, so if the development is open then I could contribute a tad bit. Hopefully I will get time to look into it smile

Seems AUR2 dev is a bit quiet in general.

Offline

#55 2008-01-09 12:05:06

Xilon
Member
Registered: 2007-01-01
Posts: 243

Re: It's time to start something new, AUR2

I'd like to revive this thread and get some input on AUR2 development. Since my previous post, Thralas and I have started AUR2 from scratch in Python/Django. We know there is another project going but they are silent and we really don't know what's going on. Anyway we have made progress on AUR2, you can see some screenshots here (Some things have changed since then). I think support for Unsupported is pretty much finished, we just need to work out what to do with community.

There are some features we'd like to add. I'd like to get an API going asap so that 3rd part clients could start adapting to it. I made a thread on the ML about the API and I would like as much feedback as possible, especially from the 3rd party client developers since the API is mostly targeted towards them.

I'd also like to remind people of the AUR 2 wiki where you can (and are encouraged to) post any feature requests or improvements or even just what annoys you about the current AUR.

AUR is a community project, so we really need some input from the community, not necessarily via code, but via ideas. If anyone would like to contribute through programming then the repository information is posted on the wiki, and you can post any patches on the ML. I wouldn't mind the help.

I think AUR  2 development has been too "behind the scenes" and I want it to be more public and get the public involved more. After all, this is for you guys!

Last edited by Xilon (2008-01-09 12:05:55)

Offline

#56 2008-01-13 01:23:14

nesrecar
Member
From: Germany/Munich
Registered: 2004-06-06
Posts: 79

Re: It's time to start something new, AUR2

Hmm, interesting topic.

What I've missed in actual AUR:

- official aur tools you can run from shell. there are some, but the most aren't working. tools to upload pkgbuilds for example.
- support in pacman for AUR
- pgp keys for users/packages trusting. many aur user does not take care about clean and correct made packages, so that would be a user recursive trusting option which takes care of smile
- fixing aur translations (for example: menu text) this is really really optional.

I think that's all.

Nite!


Public Key 0x24685E35 available from any key server you trust.

IRC: ssimon/Nesrecar

Offline

#57 2008-01-13 13:46:28

ibendiben
Member
Registered: 2007-10-10
Posts: 519

Re: It's time to start something new, AUR2

It'd be great if there'd be a simple way to list names+version+safe-flag+description from aur, without the need of a web-interface. Additional features like, dependencies and url's and stuff via a extra [-i] and you're all set.
For the web-interface itself it'd be best (imho) to have AND searches that ignore case, or word-order, sorted trough number of votes/downloads.
Looks like it's gonna have some nice improvements aur2, thanks!

Offline

#58 2008-01-13 15:12:53

jacko
Member
Registered: 2007-11-23
Posts: 840

Re: It's time to start something new, AUR2

ibendiben wrote:

It'd be great if there'd be a simple way to list names+version+safe-flag+description from aur, without the need of a web-interface. Additional features like, dependencies and url's and stuff via a extra [-i] and you're all set.
For the web-interface itself it'd be best (imho) to have AND searches that ignore case, or word-order, sorted trough number of votes/downloads.
Looks like it's gonna have some nice improvements aur2, thanks!

I am not sure I understand what u are saying. word order would be nice. IE. 'cleartype cairo' should return the package cairo-cleartype


sorted through number of votes is already available, as for downloads, I guess that could be of some importance. But, not if the packages are outdated or depreciated. Just because some people d/l'd a package 10,000 times doesn't make it the best package to use. Yes/no?

Offline

#59 2008-01-13 17:02:40

Xilon
Member
Registered: 2007-01-01
Posts: 243

Re: It's time to start something new, AUR2

Not exactly, but it does mean that it's a popular/sought after package, even if it's by one person (I know it's not accurate). For AUR2 I initially wanted to drop votes altogether and replace them with a download counter. Voting isn't really automated and you need to go to the site and vote explicitly in order to show your interest, so it's not exactly accurate either. Downloading is automated and would probably show a more accurate indication of how popular a package is than votes do. I'm not sure whether removing votes is a good idea anymore though.

ibendiben wrote:

It'd be great if there'd be a simple way to list names+version+safe-flag+description from aur, without the need of a web-interface. Additional features like, dependencies and url's and stuff via a extra [-i] and you're all set.

I have started coding an RPC which uses JSON (easily changeable to XML or YAML), so you can pretty much already do that. The current AUR may get this feature soon as well.

Offline

#60 2008-01-13 18:30:39

jacko
Member
Registered: 2007-11-23
Posts: 840

Re: It's time to start something new, AUR2

Downloading is automated and would probably show a more accurate indication of how popular a package is than votes do. I'm not sure whether removing votes is a good idea anymore though.

I am not so sure about that either, I know I for one d/l a program and then remove it as soon as I see it doesn't fit my need. It's hard to judge a package's usefulness from the description. Therefor people like me just d/l and try everything, until I see one that fits the way I perceived it work.

In that case I don't think downloading numbers mean anything, other then its been 'tried' being the key word.

Maybe I am wrong though, I just see voting as more beneficial. Yaourt makes voting easy, all u need is an account, but yaourt ask immediately whether to vote yes/no after installing which doesn't give the end user really enough time to thoroughly test the software out. But, u could still manually use aurvote, to vote later if u wanted too.

Last edited by jacko (2008-01-13 18:32:30)

Offline

#61 2008-01-13 18:36:56

jacko
Member
Registered: 2007-11-23
Posts: 840

Re: It's time to start something new, AUR2

phrakture wrote:
sh__ wrote:
phrakture wrote:

Again, I never thought much about it... just rolled it around in my head.  With a system like this, adding a trust network to the AUR might be cool.  Perhaps we could implement some system like: if the user is trusted by > 10 users, allow them to upload binaries... /me wonders

Better make it like

if the user is trusted by > 10 already-trusted-users

Otherwise someone could create a number of dummy accounts, set his account as trusted by all of them, and then pollute AUR with trojaned binaries.

Good point.  It's obvious, but I just didn't think of that when I wrote the above.

u could write more strict rules to avoid this. Like say make sure that a certain percentage of the votes came from a ISP network outside that of the user being entrusted? Or, as suggested, make is so a certain percentage of votes come from TU's.

Last edited by jacko (2008-01-13 18:40:07)

Offline

#62 2008-01-13 19:09:14

ibendiben
Member
Registered: 2007-10-10
Posts: 519

Re: It's time to start something new, AUR2

jacko wrote:

I am not sure I understand what u are saying. word order would be nice. IE. 'cleartype cairo' should return the package cairo-cleartype

With AND-search I mean it returns only results containing ALL keywords.
Pacman for example uses OR searches. If you search for 3d game.
The result is full of 3d drawing/designing software. Also 2d games will be listed. I don't like that.

Xilon wrote:

I have started coding an RPC which uses JSON (easily changeable to XML or YAML), so you can pretty much already do that. The current AUR may get this feature soon as well.

Can you explain me how?

Last edited by ibendiben (2008-01-13 19:11:12)

Offline

#63 2008-01-16 08:31:03

Xilon
Member
Registered: 2007-01-01
Posts: 243

Re: It's time to start something new, AUR2

ibendiben wrote:
Xilon wrote:

I have started coding an RPC which uses JSON (easily changeable to XML or YAML), so you can pretty much already do that. The current AUR may get this feature soon as well.

Can you explain me how?

given that AUR2 code isn't live, it doesn't really matter at this point. There is no doubt that the API will change. At the moment you can go to /api/search/keyword, and you will get a list of all packages containing pacman in the name and description. eg: http://aur2/api/search/subtle/ returns

[{"pk": "subtle", "model": "aur.package", "fields": {"version": "0.7c", "description": "Tiling WM, behaviour inspired by Wily."}}, {"pk": "subtle-hg", "model": "aur.package", "fields": {"version": "456", "description": "Tiling WM, behaviour inspired by Wily."}}]

I don't really like how django serialises the object, imo it would be better if only the "fields" dictionary would be returned, so I may make it do that.

There's also /api/get_package_info/package_name/:

[{"pk": "subtle", "model": "aur.package", "fields": {"category": 1, "updated": "2008-01-15 23:23:32", "added": "2008-01-15 19:06:38", "description": "Tiling WM, behaviour inspired by Wily.", "repository": 1, "url": "http:\/\/subtle.scrapping.cc\/", "groups": [], "replaces": [], "deleted": false, "depends": [], "provides": [], "tarball": "packages\/subtle\/subtle.tar.gz", "maintainers": [4], "version": "0.7c", "architectures": [1, 2], "make_depends": [], "release": 2, "licenses": [6], "conflicts": [], "outdated": true}}]

As you can see it returns the primary keys instead of useful data for stuff like architectures and repositories, which I have to change as well.

The last one I've implemented is /api/get_package_comments/package_name/ (I have no comments in the DB right now so I can't be bothered showing an example wink )

I don't know what API is being implemented in the AUR code. The code itself seems cryptic to me even though I know PHP, but I guess I just didn't bother reading through it properly wink

jacko wrote:

I am not so sure about that either, I know I for one d/l a program and then remove it as soon as I see it doesn't fit my need. It's hard to judge a package's usefulness from the description. Therefor people like me just d/l and try everything, until I see one that fits the way I perceived it work.

In that case I don't think downloading numbers mean anything, other then its been 'tried' being the key word.

Good point.

Offline

Board footer

Powered by FluxBB