How to find the source codes for a package?

E.g. pamac. Here [Stable Update] 2018-11-20 - Pamac v7.3, Matcha, Plane, XFCE is the version 7.3.0-3 (2018-11-20).

But in the current repository https://mirror.dkm.cz/manjaro/stable/extra/x86_64/ is version 7.3.0-5.

I only see versions 7.3.0-4 and 7.3.0-2 on GitLab.

Where is the source code for version 7.3.0-5? Thank you for your answer.

The Packaging files are what are used for creating the package using the upstream sources. If you look at the url= value or the source= array it will point you towards the sources.

If it’s an Arch package you can also look on https://archlinux.org/packages/

-3 was announced on 20/11, but afterwards (Nov 21) we had other updates.

Where is the PKGBUILD commit (v7.3.0-5)?

Out of interest, why do you need the PKGBUILD source?

I thought you needed the PKGBUILD file when you build the package.
I also expect a link to “url =” and “source =” in the PKGBUILD file.

1 Like

Oh, I see. The 7.3.0-5 changes haven’t been uploaded to GitLab. Whoever packaged it (probably Phil) will have the changes locally on their own system.

So there was no testing? What if Phil placed a Trojan horse? :)

Testing was done as part of the normal unstable->testing->stable progression.

If you really wanted to, you can upload a package with different content to the PKGBUILD, so seeing the PKGBUILD content doesn’t actually mean anything. You still have to trust the distro maintainers.

3 Likes
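
Added example, not part of the thread and not Manjaro's own tooling: makepkg records a SHA-256 of the PKGBUILD it built from in the package's `.BUILDINFO` file (`pkgbuild_sha256sum`), so a published PKGBUILD can at least be checked against that record. The package and both PKGBUILDs below are constructed samples and the function names are hypothetical; the record is written by the packager's own build, so a match still rests on trusting them, as the post above says.

```python
import hashlib
import io
import tarfile

def read_buildinfo(pkg_bytes):
    """Return the key/value pairs from the .BUILDINFO member of a package archive."""
    info = {}
    with tarfile.open(fileobj=io.BytesIO(pkg_bytes), mode="r:*") as tar:
        member = tar.extractfile(".BUILDINFO")  # KeyError if the package has none
        for line in member.read().decode().splitlines():
            key, sep, value = line.partition(" = ")
            if sep:
                # Keys such as "installed" repeat, so keep every value in a list.
                info.setdefault(key, []).append(value)
    return info

def compare(pkg_bytes, pkgbuild_bytes):
    """Compare the build record inside a package with a published PKGBUILD."""
    info = read_buildinfo(pkg_bytes)
    recorded = info.get("pkgbuild_sha256sum", [None])[0]
    return {
        "pkgver": info.get("pkgver", [None])[0],
        "packager": info.get("packager", [None])[0],
        "pkgbuild_matches": recorded == hashlib.sha256(pkgbuild_bytes).hexdigest(),
    }

def make_sample_package(pkgbuild_bytes, pkgver):
    """Constructed stand-in for a .pkg.tar.xz that holds only a .BUILDINFO file."""
    text = (
        "format = 1\n"
        "pkgname = pamac\n"
        f"pkgver = {pkgver}\n"
        f"pkgbuild_sha256sum = {hashlib.sha256(pkgbuild_bytes).hexdigest()}\n"
        "packager = Example Packager <packager@example.invalid>\n"
    ).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        entry = tarfile.TarInfo(".BUILDINFO")
        entry.size = len(text)
        tar.addfile(entry, io.BytesIO(text))
    return buf.getvalue()

# Constructed PKGBUILDs: the one used for the build and the older one visible in Git.
BUILT = b"pkgname=pamac\npkgver=7.3.0\npkgrel=5\nurl=https://example.invalid/pamac\n"
PUBLISHED = BUILT.replace(b"pkgrel=5", b"pkgrel=4")
PACKAGE = make_sample_package(BUILT, "7.3.0-5")
```

`compare(PACKAGE, PUBLISHED)` reports a mismatch, which is the situation in this thread: the repository ships -5 while the newest PKGBUILD in Git is -4.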

It is entirely possible that the maintainer of the package, after uploading the package, discovered a typo, fixed the typo, bumped the pkgrel, rebuilt and pushed the package to the repo.

Then seemingly there will be a missing pkgrel, e.g. from 3 to 5.

Those team members with access to pkg upload are trusted people.

No matter what the PKGBUILD says, it is entirely possible: if, and I stress if, a maintainer goes rogue, it would be possible for a very limited time to do what you suggest. This is probably why @philm and @oberon are very strict about which people get access to publish packages to the repos. Such an action would not go without being noted and stopped.
