On Wed, Aug 05, 2020 at 08:43:46PM +0200, Thomas Liske wrote:
> Hi,
> 
> I found several initd scripts in aports using chmod in a way which might not
> be as secure as it could (or should?) be:
> 
> 1) touch a file which might not exist before
> 2) chmod the file to 0600
> 3) write (sensitive?) data to the file
> 
> This results into a race condition if something opens the file between 1)
> and 2) it would gain access to the content written in 3). Most of the initd
> scripts might not write high confidential data (community/postsrsd looks
> like to leak some secret) - for security-in-depth reasoning this should be

On Mon, Jul 20, 2020 at 05:21:36PM +0200, Rasmus Thomsen wrote:
> Hello list,
> 
> I've recently started working on a gitlab bot for aports (although it
> can be used for any repo which uses the same labels etc. as aports), so
> we can automate some review tasks (and can avoid repeating ourselves),
> so we can get more productive things done :)

I agree, a bot can be usefull, but we also need to make sure that a bot
is not going to replace all human contact / human judgement.

> 
> Currently it can do the following things:
> 

On Mon, Jul 20, 2020 at 05:11:36PM +0200, Rasmus Thomsen wrote:
> Hello,
> 
> the procedure for adding new packages to a stable release are:
> 
> 1. Make sure the package has a maintainer (if not, someone has to adopt
> it)
> 2. Move the package to community from testing. git mv testing/$pkgname
> community/ and then git add community/$pkgname && git commit -m
> "community/$pkgname: move from" should do the trick for that. Keep in
> mind that all {make,}depends of the package also need to be in
> community or main, packages in community can't pull in packages from
> testing.
> 3. Make a merge request

On Sat, Jul 18, 2020 at 10:58:53AM +0200, Martin Schmidt wrote:
> ---
>  testing/belcard/APKBUILD | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/testing/belcard/APKBUILD b/testing/belcard/APKBUILD
> index 873c0acb62..e97e2d15c0 100644
> --- a/testing/belcard/APKBUILD
> +++ b/testing/belcard/APKBUILD
> @@ -2,7 +2,7 @@
>  # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
>  pkgname=belcard
>  pkgver=4.4.0
> -pkgrel=0

On Mon, Jul 13, 2020 at 05:51:20AM -0600, Drew DeVault wrote:
> ---
>  {testing => community}/yggdrasil/APKBUILD        | 2 +-
>  {testing => community}/yggdrasil/modules.conf    | 0
>  {testing => community}/yggdrasil/yggdrasil.confd | 0
>  {testing => community}/yggdrasil/yggdrasil.initd | 0
>  4 files changed, 1 insertion(+), 1 deletion(-)
>  rename {testing => community}/yggdrasil/APKBUILD (99%)
>  rename {testing => community}/yggdrasil/modules.conf (100%)
>  rename {testing => community}/yggdrasil/yggdrasil.confd (100%)
>  rename {testing => community}/yggdrasil/yggdrasil.initd (100%)
> 
> diff --git a/testing/yggdrasil/APKBUILD b/community/yggdrasil/APKBUILD
> similarity index 99%

On Sat, Jul 11, 2020 at 06:17:57PM +0100, Alex McGrath wrote:
> From: Linux User <alex@pi.home>
> 
> ---
> I'm really sorry, I messed it up a second time and didnt commit
> 
>  community/caddy/APKBUILD    | 8 ++++----
>  community/caddy/caddy.confd | 3 ++-
>  community/caddy/caddy.initd | 2 +-
>  3 files changed, 7 insertions(+), 6 deletions(-)
> 
> diff --git a/community/caddy/APKBUILD b/community/caddy/APKBUILD
> index 6b7b028ce8..e18f262cbf 100644
> --- a/community/caddy/APKBUILD
[message trimmed]

On Sat, Jul 11, 2020 at 01:19:25PM -0400, Simon Zeni wrote:
> ---
>  testing/waypipe/APKBUILD | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/testing/waypipe/APKBUILD b/testing/waypipe/APKBUILD
> index c91309e4f7..28fece3442 100644
> --- a/testing/waypipe/APKBUILD
> +++ b/testing/waypipe/APKBUILD
> @@ -1,7 +1,7 @@
>  # Contributor: Simon Zeni <simon@bl4ckb0ne.ca>
>  # Maintainer: Simon Zeni <simon@bl4ckb0ne.ca>
>  pkgname=waypipe
> -pkgver=0.6.1

On Wed, Jul 01, 2020 at 10:04:21PM +0200, Kevin Daudt wrote:
> On Tue, Jun 09, 2020 at 08:37:05PM -0600, Ariadne Conill wrote:
> > Hello,
> > 
> > On Monday, June 8, 2020 2:13:49 AM MDT Ariadne Conill wrote:
> > > Hello,
> > > 
> > > Now that Gitlab is deployed and in place, it is possible to have teams as
> > > groups in gitlab, such as the core group[1].
> > > 
> > > As many maintainers and developers collaborate on packages anyway, I believe
> > > it is useful to formalize this arrangement.
> > > 
> > > Accordingly, I believe that we should allow Gitlab groups to own packages to

On Tue, Jun 09, 2020 at 08:37:05PM -0600, Ariadne Conill wrote:
> Hello,
> 
> On Monday, June 8, 2020 2:13:49 AM MDT Ariadne Conill wrote:
> > Hello,
> > 
> > Now that Gitlab is deployed and in place, it is possible to have teams as
> > groups in gitlab, such as the core group[1].
> > 
> > As many maintainers and developers collaborate on packages anyway, I believe
> > it is useful to formalize this arrangement.
> > 
> > Accordingly, I believe that we should allow Gitlab groups to own packages to
> > achieve that.  A Gitlab group can be assigned issues in the issue tracker,

On Wed, Jul 01, 2020 at 03:00:50PM +0000, Dermot Bradley wrote:
> Hello all
> 
> I updated the cloud-init package on 2 days ago (29th) and according to https://pkgs.alpinelinux.org the new package has rolled out for all architectures apart from x86_64.
> Similarly I see over the past 2 days that some/many other package updates are rolling out for all but the x86_64 arch - for example "fail2ban" and "grafana" both show the same issue.
> 
> Is something broken/stuck with the rollout of x86_64 package updates?
> 
> Dermot

Hello Dermot,

The process that listens for updates and triggers the builds crashed. I
started it again (and it's using supervisor-daemon now to automatically