[Slackbuilds-users] Chromium in Slackbuilds
Didier Spaier
didier at slint.fr
Thu Dec 20 07:14:04 UTC 2018
Hello,
On 20/12/2018 02:06, Jeremy Hansen wrote:
>>> With a quick run through the site, I didn't see any official
>>> documentation that spells this out specifically, but I have seen it
>>> mentioned many times in this mailing list as something to be
>>> corrected when it slips by (many times with python packages).
Well, if you mean using pip, I am also against that, at least if not
with virtualenv ;)
As an aside, I try to avoid getting sources from "anonymous" places.
Yesterday I packaged mps-youtube and its dependency Pafy. Both
.info mention a source archive downloaded from Pypi.
Even though the author suggests using pip for installation I preferred
to get the source archives from GitHub.
Is it only me?
> Just a thought, but any file in the .info is required to have an MD5SUM.
> This ensures the file has remained untouched from when the maintainer
> tested it. If files are downloaded within the script, you can't verify that
> those files are unmodified.
>
> This could mean simply that the files have been updated and have not been
> verified to work properly, but it can also mean that the files have been
> tampered with and may pose a threat to the system.
Yes, but exceptio probat regulam. As an example, the author of emacs-w3m
does not make releases anymore since a long time.
As a result, emacs-w3m.info mentions a very old source archive.
To package it, I did this instead (as suggested by the author):
cvs -d :pserver:anonymous at cvs.namazu.org:/storage/cvsroot co emacs-w3m
And also:
VERSION=$(stat -c %y $PRGNAM/ChangeLog|sed "s/ .*//;s/-//g")
I can understand that this be not acceptable @ SBo, but maybe in such
a case the README could just mention this as an alternate way to
get the source.
Best,
Didier
More information about the SlackBuilds-users
mailing list