# 2022-11-10 repod meeting Date: 2022-11-10T18:00:00Z - 19:00:00Z Location: Jitsi Scribe: dvzrv ## Attendees * dvzrv * polyzen * wCPO ## Agenda ## Check package metadata against filename The metadata of added packages is now also validated against their filenames [!132](https://gitlab.archlinux.org/archlinux/repod/-/merge_requests/132). ## Fix flaky file detection Our use of python-magic has been adapted to work around flaky behavior of the file library when it comes to detection of compressed files [!134](https://gitlab.archlinux.org/archlinux/repod/-/merge_requests/134). ## Remove symlinks on updating packages The binary package and management repository symlinks for packages and pkgbases are now removed when updating packages [!135](https://gitlab.archlinux.org/archlinux/repod/-/merge_requests/135). ## Check stability flow (per repository) The stability flow of repositories is now honored (versions of packages per repository must follow staging > testing > stable) [!136](https://gitlab.archlinux.org/archlinux/repod/-/merge_requests/136). ## Archiving Work has started on implementing archiving in repod [#96](https://gitlab.archlinux.org/archlinux/repod/-/issues/96), to allow configurable locations (globally and per repository) for archiving the package files (and their signatures) when they are being added to a repository successfully. ## Further tickets added for dbscripts feature compatibility Short meeting with Levente to talk about existing [features and checks in dbscripts](https://gitlab.archlinux.org/archlinux/repod/-/issues/96) which led to more tickets for the 0.3.0 milestone: * to ensure unique packages in a group of repositories, we need to implement a configurable grouping functionality for repositories [#149](https://gitlab.archlinux.org/archlinux/repod/-/issues/149) (overlaps with how archiving works) * to ensure that we packages can be reproducible, we want to ensure that they have been built with packages currently in a group of repositories, with a set of packages about to be added in the same action or with packages that are now in the archive [#150](https://gitlab.archlinux.org/archlinux/repod/-/issues/150) (overlaps with grouping to detect which repositories should be evaluated). * for ensuring that a package version has been built using a specific upstream source repository, we need to check git tags (and their signatures), checksums and metadata of PKGBUILDs to match the given binary package's metadata [#151](https://gitlab.archlinux.org/archlinux/repod/-/issues/151). This will requirea git backend, which can hopefully later be reused for the management repository backend. Overlaps with [#118](https://gitlab.archlinux.org/archlinux/repod/-/issues/118) and [#120](https://gitlab.archlinux.org/archlinux/repod/-/issues/120). ## Documentation improvement (beginner friendly) There are some easy first tickets: * figure out and document differences between existing projects used for repository management [#148](https://gitlab.archlinux.org/archlinux/repod/-/issues/148) * document sought after workflow scenarios [#144](https://gitlab.archlinux.org/archlinux/repod/-/issues/144) * configurable enforcement of UID domain [#92](https://gitlab.archlinux.org/archlinux/repod/-/issues/92) (helps us to maintain signer trust via WKD)