Re: Spring cleanup '25
Hello, I would like to add vagrant[0] to the list of packages to drop. I just disowned it and it is not required by anything. The reason being that first of all it is currently incompatible[1] with ruby3.4 which we are working on bringing into the repos[2] and it has a long list of being incompatible with our packaged ruby ecosystem[3]. Also gromit informed me that they broke more stuff which makes it impossible for us to upload archlinux vagrant boxes anymore, so this use case is also void. If anyone wants to pick this up then be my guest. Best regards Segaja [0]: https://archlinux.org/packages/extra/x86_64/vagrant/ [1]: https://github.com/hashicorp/vagrant/blob/v2.4.3/vagrant.gemspec#L15 [2]: https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/F4XVDZHNRZAUGEDNMU4GBIGWOMV2YP7E/ [3]: https://gitlab.archlinux.org/archlinux/packaging/packages/vagrant/-/issues/3 OpenPGP_signature.asc Description: OpenPGP digital signature
RFC Final Comment Period: Upstream package sources
An RFC has now entered Final Comment Period. In 14 days, discussion will end and the proposal will either be accepted, rejected or withdrawn: https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/46 Please visit the above link for discussion. Summary: Improve the security of Arch Linux distribution packages by relying on transparent and, if possible, cryptographically verifiable upstream sources by default. Provide guidelines and best practices for distribution package maintainers in a document covering various source types and technologies for digital signatures. Communicate the common goal of transparent and secure package delivery for package maintainers as well as upstream project maintainers. signature.asc Description: PGP signature
