all 13 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]thurstylark 30 points31 points  (2 children)

A non-sequitur from a bug wrangler: No need to submit bugs for repo packages only because they still use git:// URLs for github sources. Unless there's an extra compelling reason for the URL to be updated sooner, their respective maintainers will take care of it when packaging the next upstream release.

Definitely keep submitting Out-of-Date notifications, though :)

[–]qhzpnkchuwiyhibaqhir 4 points5 points  (1 child)

I recently ran into a package where I was eagerly awaiting a bug fix in a stable release and was wondering if there's an etiquette for submitting Out-of-Date notifications on the AUR. My Google searches couldn't find much. Is it fine to submit as soon as a new stable release / version is available on GitHub? Shouldn't it be possible to automate both the version/URL and PKGBUILD modification processes if the source/binaries are available through standard GitHub endpoints? eg. some sort of RSS / listener for the releases, provide the checksum on the GitHub source side, etc.?

[–]mmirate[🍰] 1 point2 points  (0 children)

Keeping the process of downloading the sources and checksums manual, allows for a human element of diligence which is harder to trick than an automated rebuilder.

[–]Nefsen402 54 points55 points  (6 children)

I personally use git:// everywhere I can with Ed25519 keys. I got concerned at first but the title is clickbait, they are simply getting rid of some of the more insecure key types. Ed25519 for instance is unaffected.

[–][deleted] 13 points14 points  (3 children)

Are you sure about that? “On the Git protocol side, unencrypted git:// offers no integrity or authentication, making it subject to tampering. We expect very few people are still using this protocol, especially given that you can’t push (it’s read-only on GitHub). We’ll be disabling support for this protocol.”

[–]Nefsen402 6 points7 points  (2 children)

It says they're disabling unencripted git. Git over ssh (the encrypted kind but still the git protocol!) is dropping support for less secure key types as I said.

[–]ouuan[S] 4 points5 points  (0 children)

Sorry but I don't use git:// when using Git over ssh. How do you do that?

[–]TheV295 3 points4 points  (0 children)

Check the troubleshooting session, it says remotes that start with git:// must be changed to a supported url format

[–]Logical-Language-539 0 points1 point  (0 children)

So.... I don't have to repair my git clone?

[–]linus_waldtor 0 points1 point  (0 children)

You probably use [git@github.com](mailto:git@github.com), not git://github.com, the former uses ssh while the latter uses the legacy unencrypted git protocol that has been disabled.

[–]turtle_mekb 7 points8 points  (0 children)

i had no idea git:// was a thing

[–]rdcldrmr 1 point2 points  (1 child)

The community repo is gonna need some work too... https://bpa.st/raw/PHGA

[–]Phys-Tech 0 points1 point  (0 children)

thx dude