[Slackbuilds-users] Chromium in Slackbuilds

Didier Spaier didier at slint.fr
Thu Dec 20 07:14:04 UTC 2018


On 20/12/2018 02:06, Jeremy Hansen wrote:
>>> With a quick run through the site, I didn't see any official
>>> documentation that spells this out specifically, but I have seen it
>>> mentioned many times in this mailing list as something to be
>>> corrected when it slips by (many times with python packages).

Well, if you mean using pip, I am also against that, at least if not
with virtualenv ;)

As an aside, I try to avoid getting sources from "anonymous" places.

Yesterday I packaged mps-youtube and its dependency Pafy. Both
.info mention a source archive downloaded from Pypi.

Even though the author suggests using pip for installation I preferred
to get the source archives from GitHub.

Is it only me?

> Just a thought, but any file in the .info is required to have an MD5SUM.
> This ensures the file has remained untouched from when the maintainer
> tested it. If files are downloaded within the script, you can't verify that
> those files are unmodified.
> This could mean simply that the files have been updated and have not been
> verified to work properly, but it can also mean that the files have been
> tampered with and may pose a threat to the system.

Yes, but exceptio probat regulam. As an example, the author of emacs-w3m
does not make releases anymore since a long time.

As a result, emacs-w3m.info mentions a very old source archive.

To package it, I did this instead (as suggested by the author):
cvs -d :pserver:anonymous at cvs.namazu.org:/storage/cvsroot co emacs-w3m

And also:
VERSION=$(stat -c %y $PRGNAM/ChangeLog|sed "s/ .*//;s/-//g")

I can understand that this be not acceptable @ SBo, but maybe in such
a case the README could just mention this as an alternate way to
get the source.



More information about the SlackBuilds-users mailing list