TU application -- Santiago Torres-Arias

TU application -- Santiago Torres-Arias

tur-users mailing list
Hello everyone,

Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
although I'd like to thank so many people for their feedback, help, guidance
and counsel in all-things-Arch*.

My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate
from New York University. My research focuses on securing the dev-ops
pipeline/supply chain, which includes work on package manager security,
version control system security, securing container orchestrators,
reproducible builds, so on and so forth. It is not a coincidence that
all of these relate strongly with Linux; I believe the Linux environment
pretty much shaped my professional career since I was in High School.

I've been a GNU/Linux user for more than I can remember, although I started
using it exclusively circa 2011. I started using Debian, Mint and Ubuntu
interchangeably for a couple of years and, as time passed, I started to develop
personal scripts and unscrew my deterministically-broken distro (I still
remember my hook to fix the fglrx install every time X was updated). This
experience threw me to the other side, and for a while I thought I could
maintain my own LFS-based distribution with scripts of this sort, which led me
to learn a lot about what *not* to do when managing packages. However, it was
when I finally decided to give Arch a serious try (around 2014) that I found
myself enamored with not only the toolchains, but the community and the
philosophy behind the distribution --- I'm now a strong supporter of the
Arch Way(tm) thanks to all the lessons learned through the winding roads
of linux-system-administration.

Although I've always been an assiduous user of the AUR, not only using but
writing my own PKGBUILDs, it was only until recently (about 8 months now), that
I've been working towards becoming more familiar with the package ecosystem
with the end goal of becoming a TU. I've received feedback from many members on
the community on how to fix, extend and follow best practices on writing
PKGBUILDS which I believe has improved their quality[2].

Besides maintaining packages I've been contributing to other aspects of
the Arch Linux ecosystem for about three years now. I've participated in
the security team almost since its inception, by providing code to the
tracker, tracking CVE's and sending advisories. Likewise, I've been a
tester for more than a year. I've also participated (although not as
much as I've wanted) on the archlinux-reproducible efforts. Finally,
I've worked along with shibumi and Pierre in making an automated build
of an official Archlinux Docker image. Beyond Arch Linux, I'm a
committer to projects like reproducible-builds.org[3], Briar[4],
neomutt[5], and The Update Framework (TUF)[6], among others[7].

There are two main reasons for this application to become a TU. First, I want to
contribute *more* to a community that has given me so much, and I'm certain
that helping packaging tools for everyone in the community repository will only
improve the overall user experience. Second, and most importantly, I want to
expand the offer of packages in the official repositories.

Concretely, I want to maintain the following packages:

    - Orphaned packages (I'm a regular user of these):
        - giblib (currently on extra)
        - python-pylint (currently on extra)
        - uthash
        - znc
        - cvf
        - netctl (?! currently on core, so I suspect I can't maintain this one)
        - python-opencl/pyopencl-headers

    - I'd love to co-maintain some packages that have a packager right now**:
        - radare-cutter
        - hub
        - rtl-sdr
        - maven

    - I intend to move the following packages from the AUR:
        - reprotest
        - git-latexdiff
        - python-rstr
        - python2-grip
        - inxi
        - plex-fonts

Needless to say, I'm open to discussion on this list. I can extend it with any
suggested packages, or discard any packages that aren't deemed popular enough.

On a less technical, serious note, I love playing guitar! I have a band
and we play progressive, shoegaze, and math-rock. I also like cycling,
and reading on pretty much anything. I'm a Rust fanboy and I'm
re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
and emulate TPM's and other trusted hardware designs.

Thanks,
-Santiago (Sangy) Torres-Arias

[1] https://badhomb.re
[2] https://aur.archlinux.org/account/sangy
[3] https://reproducible-builds.org
[4] https://neomutt.org/feature/new-mail#7-%C2%A0credits
[5] https://briarproject.org
[6] https://theupdateframework.com
[7] https://github.com/santiagotorres

* Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1,
  Tigrmesh, meskarune et al.!
** This is the first time I make this public, so there's no commitment from
   the current packager at all


Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:

> Hello everyone,
>
> Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
> although I'd like to thank so many people for their feedback, help, guidance
> and counsel in all-things-Arch*.
>
> My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate
> from New York University. My research focuses on securing the dev-ops
> pipeline/supply chain, which includes work on package manager security,
> version control system security, securing container orchestrators,
> reproducible builds, so on and so forth. It is not a coincidence that
> all of these relate strongly with Linux; I believe the Linux environment
> pretty much shaped my professional career since I was in High School.
>
> I've been a GNU/Linux user for more than I can remember, although I started
> using it exclusively circa 2011. I started using Debian, Mint and Ubuntu
> interchangeably for a couple of years and, as time passed, I started to develop
> personal scripts and unscrew my deterministically-broken distro (I still
> remember my hook to fix the fglrx install every time X was updated). This
> experience threw me to the other side, and for a while I thought I could
> maintain my own LFS-based distribution with scripts of this sort, which led me
> to learn a lot about what *not* to do when managing packages. However, it was
> when I finally decided to give Arch a serious try (around 2014) that I found
> myself enamored with not only the toolchains, but the community and the
> philosophy behind the distribution --- I'm now a strong supporter of the
> Arch Way(tm) thanks to all the lessons learned through the winding roads
> of linux-system-administration.
>
> Although I've always been an assiduous user of the AUR, not only using but
> writing my own PKGBUILDs, it was only until recently (about 8 months now), that
> I've been working towards becoming more familiar with the package ecosystem
> with the end goal of becoming a TU. I've received feedback from many members on
> the community on how to fix, extend and follow best practices on writing
> PKGBUILDS which I believe has improved their quality[2].
>
> Besides maintaining packages I've been contributing to other aspects of
> the Arch Linux ecosystem for about three years now. I've participated in
> the security team almost since its inception, by providing code to the
> tracker, tracking CVE's and sending advisories. Likewise, I've been a
> tester for more than a year. I've also participated (although not as
> much as I've wanted) on the archlinux-reproducible efforts. Finally,
> I've worked along with shibumi and Pierre in making an automated build
> of an official Archlinux Docker image. Beyond Arch Linux, I'm a
> committer to projects like reproducible-builds.org[3], Briar[4],
> neomutt[5], and The Update Framework (TUF)[6], among others[7].
>
> There are two main reasons for this application to become a TU. First, I want to
> contribute *more* to a community that has given me so much, and I'm certain
> that helping packaging tools for everyone in the community repository will only
> improve the overall user experience. Second, and most importantly, I want to
> expand the offer of packages in the official repositories.
>
> Concretely, I want to maintain the following packages:
>
>     - Orphaned packages (I'm a regular user of these):
>         - giblib (currently on extra)
>         - python-pylint (currently on extra)
>         - uthash
>         - znc
>         - cvf
>         - netctl (?! currently on core, so I suspect I can't maintain this one)
>         - python-opencl/pyopencl-headers
>
>     - I'd love to co-maintain some packages that have a packager right now**:
>         - radare-cutter
>         - hub
>         - rtl-sdr
>         - maven
>
>     - I intend to move the following packages from the AUR:
>         - reprotest
>         - git-latexdiff
>         - python-rstr
>         - python2-grip
>         - inxi
>         - plex-fonts
>
> Needless to say, I'm open to discussion on this list. I can extend it with any
> suggested packages, or discard any packages that aren't deemed popular enough.
>
> On a less technical, serious note, I love playing guitar! I have a band
> and we play progressive, shoegaze, and math-rock. I also like cycling,
> and reading on pretty much anything. I'm a Rust fanboy and I'm
> re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
> and emulate TPM's and other trusted hardware designs.
>
> Thanks,
> -Santiago (Sangy) Torres-Arias
>
> [1] https://badhomb.re
> [2] https://aur.archlinux.org/account/sangy
> [3] https://reproducible-builds.org
> [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits
> [5] https://briarproject.org
> [6] https://theupdateframework.com
> [7] https://github.com/santiagotorres
>
> * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1,
>   Tigrmesh, meskarune et al.!
> ** This is the first time I make this public, so there's no commitment from
>    the current packager at all
Hello everybody,
I confirm my sponsorship for sangy's application. Let's begin the
discussion period.

chris


Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On 07/22/2018 03:35 PM, Christian Rebischke via aur-general wrote:
> On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:

sangy: dude, we know you're cool and all. No need to prove your creds by
hacking shibumi so you can send his confirmation half a minute before
your application. :)

--
Eli Schwartz
Bug Wrangler and Trusted User



Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On July 22, 2018 16:35, Santiago Torres-Arias via aur-general wrote:

>
>     - Orphaned packages (I'm a regular user of these):
>         - giblib (currently on extra)
>         - python-pylint (currently on extra)
>         - uthash
>         - znc
>         - cvf
>         - netctl (?! currently on core, so I suspect I can't maintain this one)
>         - python-opencl/pyopencl-headers
>
>     - I'd love to co-maintain some packages that have a packager right now**:
>         - radare-cutter
>         - hub
>         - rtl-sdr
>         - maven
>
>     - I intend to move the following packages from the AUR:
>         - reprotest
>         - git-latexdiff
>         - python-rstr
>         - python2-grip
>         - inxi
>         - plex-fonts
>
> Needless to say, I'm open to discussion on this list. I can extend it with any
> suggested packages, or discard any packages that aren't deemed popular enough.
>
> On a less technical, serious note, I love playing guitar! I have a band
> and we play progressive, shoegaze, and math-rock. I also like cycling,
> and reading on pretty much anything. I'm a Rust fanboy and I'm
> re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
> and emulate TPM's and other trusted hardware designs.
>
Hi Sangy,

Glad to hear you finally applied to become a TU. Creepy stuff with the confirmation
from shibumi coming before your application.

I have adopted znc, because I didn't know it was orphan. I have now officially made
a calendar entry to look at orphans monthly. I'm glad to have you co-maintaining, if
you get elected, however. I'm a hardcore user of znc as well.

Good luck,
Giancarlo Razzolini


Re: TU application -- Santiago Torres-Arias

tur-users mailing list
> I have adopted znc, because I didn't know it was orphan. I have now officially made
> a calendar entry to look at orphans monthly. I'm glad to have you co-maintaining, if
> you get elected, however. I'm a hardcore user of znc as well.

Ok! I'd gladly co-maintain it if I get elected :)

>
> Good luck,

Thanks!
-Santiago.



Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On Sun 22.07.18 - 15:35, Santiago Torres-Arias via aur-general wrote:
>     - Orphaned packages (I'm a regular user of these):
>         - netctl (?! currently on core, so I suspect I can't maintain this one)


netctl is maintained by Jouke who maintains the netctl code. We only
build and push the package, but he handles all bugs because the PKGBUILD
we use is actually part of the netctl git repo, but since he isn't
a normal dev he can't adopt it on archweb so it's listed as orphan.

Florian


Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On 07/22/2018 03:35 PM, Santiago Torres-Arias via aur-general wrote:
> Hello everyone,
>
> Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
> although I'd like to thank so many people for their feedback, help, guidance
> and counsel in all-things-Arch*.

Apologies for being somewhat late with the ztrawchse review.

argon2-git:
- CC-0 is, apparently, not common enough to be in the licenses package.
  As such, the license should be marked as 'custom:CC-0' and installed
  to /usr/share/licenses/$pkgname/
  see how core/argon2 does this

git-latexdiff:
- unquoted srcdir/pkgdir
- license is not, in fact, GPL
- the source file has a unique name, but then you told makepkg to rename
  it to something non-unique. I.. must admit this is new to me...

in-toto:
- sources seem to come with a testsuite, this should be run in a check()
  function

python-securesystemslib:
- the check() function does not accept depends, this is broken
- multiple depends are deleted and overridden in the package() function
- empty optdepends array can be deleted
- tox doesn't really test what needs testing, code should be tested
  using the native testsuite hooked up to the packaged system
  dependencies
- license is the literal file (rather than a file within the directory
  of this name): /usr/share/licenses/python-securesystemslib

reprotest:
- multiple depends are deleted and overridden in the package() function
- optdepends could use description of what additional functionality they
  provide when installed

--
Eli Schwartz
Bug Wrangler and Trusted User
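
Two of the packaging points from the review above (quoting srcdir/pkgdir, and installing the license as a file inside /usr/share/licenses/$pkgname/ rather than as that path itself), shown as an added example that is not part of the thread or of any reviewed PKGBUILD. The package name, file names and helper functions are hypothetical.

```bash
#!/bin/bash
# Added illustration; pkgname, LICENSE and the helpers are hypothetical.
# In a real PKGBUILD the header would also carry: license=('custom:CC-0')

pkgname=example-pkg   # hypothetical package name

# Flagged pattern: unquoted $srcdir/$pkgdir, and the license copied to the
# path /usr/share/licenses/$pkgname itself, so that path becomes a file.
package_flagged() {
    mkdir -p $pkgdir/usr/share/licenses
    cp $srcdir/LICENSE $pkgdir/usr/share/licenses/$pkgname
}

# Reviewed form: every expansion quoted, license installed as a file
# inside the per-package license directory.
package_fixed() {
    install -Dm644 "$srcdir/LICENSE" \
        "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
}

# Succeeds only if the license is a regular file inside
# /usr/share/licenses/$pkgname/ under the package root given as $1.
license_layout_ok() {
    [ -d "$1/usr/share/licenses/$pkgname" ] &&
    [ -f "$1/usr/share/licenses/$pkgname/LICENSE" ]
}

# Run package function $1 in a scratch build root whose directory name is $2,
# so the same function can be tried with and without a space in the path.
try_package() {
    func=$1; name=$2
    root=$(mktemp -d) || return 2
    (
        # Work inside the scratch root so a word-split path cannot
        # create stray directories anywhere else.
        cd "$root" || exit 2
        srcdir="$root/$name/src"; pkgdir="$root/$name/pkg"
        mkdir -p "$srcdir" "$pkgdir"
        echo "license text (constructed sample)" > "$srcdir/LICENSE"
        "$func" 2>/dev/null && license_layout_ok "$pkgdir"
    )
    status=$?
    rm -rf "$root"
    return $status
}

# Try both functions against a plain path and a path containing a space.
for fn in package_flagged package_fixed; do
    for dir in builddir "build dir"; do
        if try_package "$fn" "$dir"; then r=ok; else r=FAIL; fi
        printf '%-16s %-12s %s\n' "$fn" "'$dir'" "$r"
    done
done
```

The flagged function fails in both cases for different reasons: without a space it produces the wrong layout, and with a space the unquoted expansions split and `cp` errors out.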



Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:

> Hello everyone,
>
> Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
> although I'd like to thank so many people for their feedback, help, guidance
> and counsel in all-things-Arch*.
>
> My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate
> from New York University. My research focuses on securing the dev-ops
> pipeline/supply chain, which includes work on package manager security,
> version control system security, securing container orchestrators,
> reproducible builds, so on and so forth. It is not a coincidence that
> all of these relate strongly with Linux; I believe the Linux environment
> pretty much shaped my professional career since I was in High School.
>
> I've been a GNU/Linux user for more than I can remember, although I started
> using it exclusively circa 2011. I started using Debian, Mint and Ubuntu
> interchangeably for a couple of years and, as time passed, I started to develop
> personal scripts and unscrew my deterministically-broken distro (I still
> remember my hook to fix the fglrx install every time X was updated). This
> experience threw me to the other side, and for a while I thought I could
> maintain my own LFS-based distribution with scripts of this sort, which led me
> to learn a lot about what *not* to do when managing packages. However, it was
> when I finally decided to give Arch a serious try (around 2014) that I found
> myself enamored with not only the toolchains, but the community and the
> philosophy behind the distribution --- I'm now a strong supporter of the
> Arch Way(tm) thanks to all the lessons learned through the winding roads
> of linux-system-administration.
>
> Although I've always been an assiduous user of the AUR, not only using but
> writing my own PKGBUILDs, it was only until recently (about 8 months now), that
> I've been working towards becoming more familiar with the package ecosystem
> with the end goal of becoming a TU. I've received feedback from many members on
> the community on how to fix, extend and follow best practices on writing
> PKGBUILDS which I believe has improved their quality[2].
>
> Besides maintaining packages I've been contributing to other aspects of
> the Arch Linux ecosystem for about three years now. I've participated in
> the security team almost since its inception, by providing code to the
> tracker, tracking CVE's and sending advisories. Likewise, I've been a
> tester for more than a year. I've also participated (although not as
> much as I've wanted) on the archlinux-reproducible efforts. Finally,
> I've worked along with shibumi and Pierre in making an automated build
> of an official Archlinux Docker image. Beyond Arch Linux, I'm a
> committer to projects like reproducible-builds.org[3], Briar[4],
> neomutt[5], and The Update Framework (TUF)[6], among others[7].
>
> There are two main reasons for this application to become a TU. First, I want to
> contribute *more* to a community that has given me so much, and I'm certain
> that helping packaging tools for everyone in the community repository will only
> improve the overall user experience. Second, and most importantly, I want to
> expand the offer of packages in the official repositories.
>
> Concretely, I want to maintain the following packages:
>
>     - Orphaned packages (I'm a regular user of these):
>         - giblib (currently on extra)
>         - python-pylint (currently on extra)
>         - uthash
>         - znc
>         - cvf
>         - netctl (?! currently on core, so I suspect I can't maintain this one)
>         - python-opencl/pyopencl-headers
>
>     - I'd love to co-maintain some packages that have a packager right now**:
>         - radare-cutter
>         - hub
>         - rtl-sdr
>         - maven
>
>     - I intend to move the following packages from the AUR:
>         - reprotest
>         - git-latexdiff
>         - python-rstr
>         - python2-grip
>         - inxi
>         - plex-fonts
>
> Needless to say, I'm open to discussion on this list. I can extend it with any
> suggested packages, or discard any packages that aren't deemed popular enough.
>
> On a less technical, serious note, I love playing guitar! I have a band
> and we play progressive, shoegaze, and math-rock. I also like cycling,
> and reading on pretty much anything. I'm a Rust fanboy and I'm
> re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
> and emulate TPM's and other trusted hardware designs.
>
> Thanks,
> -Santiago (Sangy) Torres-Arias
>
> [1] https://badhomb.re
> [2] https://aur.archlinux.org/account/sangy
> [3] https://reproducible-builds.org
> [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits
> [5] https://briarproject.org
> [6] https://theupdateframework.com
> [7] https://github.com/santiagotorres
>
> * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1,
>   Tigrmesh, meskarune et al.!
> ** This is the first time I make this public, so there's no commitment from
>    the current packager at all


The discussion period is over, please vote:

https://aur.archlinux.org/tu/?id=107

Best regards

Chris


Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On 07/28/2018 11:57 PM, Christian Rebischke via aur-general wrote:

> On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:
>> Hello everyone,
>>
>> Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
>> although I'd like to thank so many people for their feedback, help, guidance
>> and counsel in all-things-Arch*.
>>
>> My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate
>> from New York University. My research focuses on securing the dev-ops
>> pipeline/supply chain, which includes work on package manager security,
>> version control system security, securing container orchestrators,
>> reproducible builds, so on and so forth. It is not a coincidence that
>> all of these relate strongly with Linux; I believe the Linux environment
>> pretty much shaped my professional career since I was in High School.
>>
>> I've been a GNU/Linux user for more than I can remember, although I started
>> using it exclusively circa 2011. I started using Debian, Mint and Ubuntu
>> interchangeably for a couple of years and, as time passed, I started to develop
>> personal scripts and unscrew my deterministically-broken distro (I still
>> remember my hook to fix the fglrx install every time X was updated). This
>> experience threw me to the other side, and for a while I thought I could
>> maintain my own LFS-based distribution with scripts of this sort, which led me
>> to learn a lot about what *not* to do when managing packages. However, it was
>> when I finally decided to give Arch a serious try (around 2014) that I found
>> myself enamored with not only the toolchains, but the community and the
>> philosophy behind the distribution --- I'm now a strong supporter of the
>> Arch Way(tm) thanks to all the lessons learned through the winding roads
>> of linux-system-administration.
>>
>> Although I've always been an assiduous user of the AUR, not only using but
>> writing my own PKGBUILDs, it was only until recently (about 8 months now), that
>> I've been working towards becoming more familiar with the package ecosystem
>> with the end goal of becoming a TU. I've received feedback from many members on
>> the community on how to fix, extend and follow best practices on writing
>> PKGBUILDS which I believe has improved their quality[2].
>>
>> Besides maintaining packages I've been contributing to other aspects of
>> the Arch Linux ecosystem for about three years now. I've participated in
>> the security team almost since its inception, by providing code to the
>> tracker, tracking CVE's and sending advisories. Likewise, I've been a
>> tester for more than a year. I've also participated (although not as
>> much as I've wanted) on the archlinux-reproducible efforts. Finally,
>> I've worked along with shibumi and Pierre in making an automated build
>> of an official Archlinux Docker image. Beyond Arch Linux, I'm a
>> committer to projects like reproducible-builds.org[3], Briar[4],
>> neomutt[5], and The Update Framework (TUF)[6], among others[7].
>>
>> There are two main reasons for this application to become a TU. First, I want to
>> contribute *more* to a community that has given me so much, and I'm certain
>> that helping packaging tools for everyone in the community repository will only
>> improve the overall user experience. Second, and most importantly, I want to
>> expand the offer of packages in the official repositories.
>>
>> Concretely, I want to maintain the following packages:
>>
>>     - Orphaned packages (I'm a regular user of these):
>>         - giblib (currently on extra)
>>         - python-pylint (currently on extra)
>>         - uthash
>>         - znc
>>         - cvf
>>         - netctl (?! currently on core, so I suspect I can't maintain this one)
>>         - python-opencl/pyopencl-headers
>>
>>     - I'd love to co-maintain some packages that have a packager right now**:
>>         - radare-cutter
>>         - hub
>>         - rtl-sdr
>>         - maven
>>
>>     - I intend to move the following packages from the AUR:
>>         - reprotest
>>         - git-latexdiff
>>         - python-rstr
>>         - python2-grip
>>         - inxi
>>         - plex-fonts
>>
>> Needless to say, I'm open to discussion on this list. I can extend it with any
>> suggested packages, or discard any packages that aren't deemed popular enough.
>>
>> On a less technical, serious note, I love playing guitar! I have a band
>> and we play progressive, shoegaze, and math-rock. I also like cycling,
>> and reading on pretty much anything. I'm a Rust fanboy and I'm
>> re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
>> and emulate TPM's and other trusted hardware designs.
>>
>> Thanks,
>> -Santiago (Sangy) Torres-Arias
>>
>> [1] https://badhomb.re
>> [2] https://aur.archlinux.org/account/sangy
>> [3] https://reproducible-builds.org
>> [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits
>> [5] https://briarproject.org
>> [6] https://theupdateframework.com
>> [7] https://github.com/santiagotorres
>>
>> * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1,
>>   Tigrmesh, meskarune et al.!
>> ** This is the first time I make this public, so there's no commitment from
>>    the current packager at all
>
>
>
> The discussion period is over, please vote:
>
> https://aur.archlinux.org/tu/?id=107
That's almost a full day ahead of schedule...

--
Eli Schwartz
Bug Wrangler and Trusted User



Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On Sun, Jul 29, 2018 at 12:05:56AM -0400, Eli Schwartz via aur-general wrote:

> On 07/28/2018 11:57 PM, Christian Rebischke via aur-general wrote:
> > On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:
> >> Hello everyone,
> >>
> >> Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
> >> although I'd like to thank so many people for their feedback, help, guidance
> >> and counsel in all-things-Arch*.
> >>
> >> My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate
> >> from New York University. My research focuses on securing the dev-ops
> >> pipeline/supply chain, which includes work on package manager security,
> >> version control system security, securing container orchestrators,
> >> reproducible builds, so on and so forth. It is not a coincidence that
> >> all of these relate strongly with Linux; I believe the Linux environment
> >> pretty much shaped my professional career since I was in High School.
> >>
> >> I've been a GNU/Linux user for more than I can remember, although I started
> >> using it exclusively circa 2011. I started using Debian, Mint and Ubuntu
> >> interchangeably for a couple of years and, as time passed, I started to develop
> >> personal scripts and unscrew my deterministically-broken distro (I still
> >> remember my hook to fix the fglrx install every time X was updated). This
> >> experience threw me to the other side, and for a while I thought I could
> >> maintain my own LFS-based distribution with scripts of this sort, which led me
> >> to learn a lot about what *not* to do when managing packages. However, it was
> >> when I finally decided to give Arch a serious try (around 2014) that I found
> >> myself enamored with not only the toolchains, but the community and the
> >> philosophy behind the distribution --- I'm now a strong supporter of the
> >> Arch Way(tm) thanks to all the lessons learned through the winding roads
> >> of linux-system-administration.
> >>
> >> Although I've always been an assiduous user of the AUR, not only using but
> >> writing my own PKGBUILDs, it was only until recently (about 8 months now), that
> >> I've been working towards becoming more familiar with the package ecosystem
> >> with the end goal of becoming a TU. I've received feedback from many members on
> >> the community on how to fix, extend and follow best practices on writing
> >> PKGBUILDS which I believe has improved their quality[2].
> >>
> >> Besides maintaining packages I've been contributing to other aspects of
> >> the Arch Linux ecosystem for about three years now. I've participated in
> >> the security team almost since its inception, by providing code to the
> >> tracker, tracking CVE's and sending advisories. Likewise, I've been a
> >> tester for more than a year. I've also participated (although not as
> >> much as I've wanted) on the archlinux-reproducible efforts. Finally,
> >> I've worked along with shibumi and Pierre in making an automated build
> >> of an official Archlinux Docker image. Beyond Arch Linux, I'm a
> >> committer to projects like reproducible-builds.org[3], Briar[4],
> >> neomutt[5], and The Update Framework (TUF)[6], among others[7].
> >>
> >> There are two main reasons for this application to become a TU. First, I want to
> >> contribute *more* to a community that has given me so much, and I'm certain
> >> that helping packaging tools for everyone in the community repository will only
> >> improve the overall user experience. Second, and most importantly, I want to
> >> expand the offer of packages in the official repositories.
> >>
> >> Concretely, I want to maintain the following packages:
> >>
> >>     - Orphaned packages (I'm a regular user of these):
> >>         - giblib (currently on extra)
> >>         - python-pylint (currently on extra)
> >>         - uthash
> >>         - znc
> >>         - cvf
> >>         - netctl (?! currently on core, so I suspect I can't maintain this one)
> >>         - python-opencl/pyopencl-headers
> >>
> >>     - I'd love to co-maintain some packages that have a packager right now**:
> >>         - radare-cutter
> >>         - hub
> >>         - rtl-sdr
> >>         - maven
> >>
> >>     - I intend to move the following packages from the AUR:
> >>         - reprotest
> >>         - git-latexdiff
> >>         - python-rstr
> >>         - python2-grip
> >>         - inxi
> >>         - plex-fonts
> >>
> >> Needless to say, I'm open to discussion on this list. I can extend it with any
> >> suggested packages, or discard any packages that aren't deemed popular enough.
> >>
> >> On a less technical, serious note, I love playing guitar! I have a band
> >> and we play progressive, shoegaze, and math-rock. I also like cycling,
> >> and reading on pretty much anything. I'm a Rust fanboy and I'm
> >> re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
> >> and emulate TPM's and other trusted hardware designs.
> >>
> >> Thanks,
> >> -Santiago (Sangy) Torres-Arias
> >>
> >> [1] https://badhomb.re
> >> [2] https://aur.archlinux.org/account/sangy
> >> [3] https://reproducible-builds.org
> >> [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits
> >> [5] https://briarproject.org
> >> [6] https://theupdateframework.com
> >> [7] https://github.com/santiagotorres
> >>
> >> * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1,
> >>   Tigrmesh, meskarune et al.!
> >> ** This is the first time I make this public, so there's no commitment from
> >>    the current packager at all
> >
> >
> >
> > The discussion period is over, please vote:
> >
> > https://aur.archlinux.org/tu/?id=107
>
> That's almost a full day ahead of schedule...
>
> --
> Eli Schwartz
> Bug Wrangler and Trusted User
>
Hi Eli,
Ehm no? According to our bylaws:
"Following the announcement, standard voting procedure commences with a
discussion period of 5 days, a quorum of 66%, and a voting period of 7
days."[1]

Santiago wrote his mail on the 22nd. I've sent the start of the voting
period on the 29th. That is even 2 days too long. Or did I miss something?


Best regards,

Chris

[1] https://aur.archlinux.org/trusted-user/TUbylaws.html


Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On 07/30/2018 05:34 AM, Christian Rebischke via aur-general wrote:
> Hi Eli,
> Ehm no? According to our bylaws:
> "Following the announcement, standard voting procedure commences with a
> discussion period of 5 days, a quorum of 66%, and a voting period of 7
> days."[1]
>
> Santiago wrote his mail on the 22nd. I've sent the start of the voting
> period on the 29th. That is even 2 days too long. Or did I miss something?

Hmm, I got myself turned around I guess.

--
Eli Schwartz
Bug Wrangler and Trusted User



Re: TU application -- Santiago Torres-Arias

tur-users mailing list
In reply to this post by tur-users mailing list
On Sun, Jul 22, 2018 at 03:35:52PM -0400, Santiago Torres-Arias wrote:

> Hello everyone,
>
> Formalities first, Christian Rebischke (Shibumi) is sponsoring my application,
> although I'd like to thank so many people for their feedback, help, guidance
> and counsel in all-things-Arch*.
>
> My name is Santiago Torres-Arias[1], and I'm a Mexican PhD candidate
> from New York University. My research focuses on securing the dev-ops
> pipeline/supply chain, which includes work on package manager security,
> version control system security, securing container orchestrators,
> reproducible builds, so on and so forth. It is not a coincidence that
> all of these relate strongly with Linux; I believe the Linux environment
> pretty much shaped my professional career since I was in High School.
>
> I've been a GNU/Linux user for more than I can remember, although I started
> using it exclusively circa 2011. I started using Debian, Mint and Ubuntu
> interchangeably for a couple of years and, as time passed, I started to develop
> personal scripts and unscrew my deterministically-broken distro (I still
> remember my hook to fix the fglrx install every time X was updated). This
> experience threw me to the other side, and for a while I thought I could
> maintain my own LFS-based distribution with scripts of this sort, which led me
> to learn a lot about what *not* to do when managing packages. However, it was
> when I finally decided to give Arch a serious try (around 2014) that I found
> myself enamored with not only the toolchains, but the community and the
> philosophy behind the distribution --- I'm now a strong supporter of the
> Arch Way(tm) thanks to all the lessons learned through the winding roads
> of linux-system-administration.
>
> Although I've always been an assiduous user of the AUR, not only using but
> writing my own PKGBUILDs, it was only until recently (about 8 months now), that
> I've been working towards becoming more familiar with the package ecosystem
> with the end goal of becoming a TU. I've received feedback from many members on
> the community on how to fix, extend and follow best practices on writing
> PKGBUILDS which I believe has improved their quality[2].
>
> Besides maintaining packages I've been contributing to other aspects of
> the Arch Linux ecosystem for about three years now. I've participated in
> the security team almost since its inception, by providing code to the
> tracker, tracking CVE's and sending advisories. Likewise, I've been a
> tester for more than a year. I've also participated (although not as
> much as I've wanted) on the archlinux-reproducible efforts. Finally,
> I've worked along with shibumi and Pierre in making an automated build
> of an official Archlinux Docker image. Beyond Arch Linux, I'm a
> committer to projects like reproducible-builds.org[3], Briar[4],
> neomutt[5], and The Update Framework (TUF)[6], among others[7].
>
> There are two main reasons for this application to become a TU. First, I want to
> contribute *more* to a community that has given me so much, and I'm certain
> that helping packaging tools for everyone in the community repository will only
> improve the overall user experience. Second, and most importantly, I want to
> expand the offer of packages in the official repositories.
>
> Concretely, I want to maintain the following packages:
>
>     - Orphaned packages (I'm a regular user of these):
>         - giblib (currently on extra)
>         - python-pylint (currently on extra)
>         - uthash
>         - znc
>         - cvf
>         - netctl (?! currently on core, so I suspect I can't maintain this one)
>         - python-opencl/pyopencl-headers
>
>     - I'd love to co-maintain some packages that have a packager right now**:
>         - radare-cutter
>         - hub
>         - rtl-sdr
>         - maven
>
>     - I intend to move the following packages from the AUR:
>         - reprotest
>         - git-latexdiff
>         - python-rstr
>         - python2-grip
>         - inxi
>         - plex-fonts
>
> Needless to say, I'm open to discussion on this list. I can extend it with any
> suggested packages, or discard any packages that aren't deemed popular enough.
>
> On a less technical, serious note, I love playing guitar! I have a band
> and we play progressive, shoegaze, and math-rock. I also like cycling,
> and reading on pretty much anything. I'm a Rust fanboy and I'm
> re-learning Verilog, as I'm hoping to play around with the RISC-V ISA
> and emulate TPM's and other trusted hardware designs.
>
> Thanks,
> -Santiago (Sangy) Torres-Arias
>
> [1] https://badhomb.re
> [2] https://aur.archlinux.org/account/sangy
> [3] https://reproducible-builds.org
> [4] https://neomutt.org/feature/new-mail#7-%C2%A0credits
> [5] https://briarproject.org
> [6] https://theupdateframework.com
> [7] https://github.com/santiagotorres
>
> * Thanks to eschwartz, shibumi, anthraax, jelle, rgacogne, Foxboron, pid1,
>   Tigrmesh, meskarune et al.!
> ** This is the first time I make this public, so there's no commitment from
>    the current packager at all


The results are in...

Yes: 29
No: 3
Abstain: 8
Total: 40
Participation: 83.33%

Congratulations Santiago, you've got accepted as Trusted User. Welcome
on board.


Chris / shibumi


Re: TU application -- Santiago Torres-Arias

tur-users mailing list
On 08/06/2018 04:20 PM, Christian Rebischke via aur-general wrote:

> The results are in...
>
> Yes: 29
> No: 3
> Abstain: 8
> Total: 40
> Participation: 83.33%
>
> Congratulations Santiago, you've got accepted as Trusted User. Welcome
> on board.

Welcome to the team, sangy. :)

I've upgraded your bugtracker account to give you permissions for the
"Community Packages" and internal "Keyring" projects.

Your AUR account has been upgraded to Trusted User status.

As usual take a look at
https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#TODO_list_for_new_Trusted_Users
and get any remaining items sorted out.

--
Eli Schwartz
Bug Wrangler and Trusted User

