Rebuild Todo List Switch ruby packages from gemdownload to source build
2025-06-06 - Andreas Schleifer
Building an archlinux ruby package from a gem downloaded from rubygems.org (or other sources) is essentially a blackbox binary source for us where we have no idea how it was created or what is actually in it.
In order to make the supply chain more transparent we should rework these packages to use either a git source repository with versioned and pinned tags as point of truth or a release artifact provided by github and similar systems automatically when a tag is being created.
Filter Todo List Packages
| Arch | Repository | Name | Current Version | Staging Version | Maintainers | Status | Last Touched By |
|---|---|---|---|---|---|---|---|
| any | Extra | asciidoctor | 2.0.23-6 | anthraxx, Segaja | Incomplete | ||
| x86_64 | Extra | facter | 4.10.0-2 | bastelfreak, foxxx0 | Incomplete | ||
| any | Extra | ruby-concurrent | 1.3.4-4 | bastelfreak | Incomplete | ||
| x86_64 | Extra | ruby-ffi | 1.17.1-3 | grawlinson | Incomplete | ||
| x86_64 | Extra | ruby-iconv | 1.1.0-3 | grawlinson | Incomplete | ||
| any | Extra | ruby-mail | 2.8.1-5 | Incomplete | |||
| any | Extra | ruby-multi_json | 1.15.0-7 | bastelfreak | Incomplete | ||
| any | Extra | ruby-mustache | 1.1.1-6 | anatolik | Incomplete | ||
| x86_64 | Extra | ruby-pcaprub | 0.13.3-4 | anthraxx, Segaja | Incomplete | ||
| any | Extra | ruby-polyglot | 0.3.5-12 | anatolik | Incomplete | ||
| any | Extra | ruby-rake | 13.2.1-4 | Segaja | Incomplete | ||
| x86_64 | Extra | ruby-rbtree | 0.4.6-6 | grawlinson | Incomplete | ||
| x86_64 | Extra | ruby-rdiscount | 2.2.7.3-6 | grawlinson | Incomplete | ||
| any | Extra | ruby-red-colors | 0.3.0-6 | anatolik | Incomplete | ||
| x86_64 | Extra | ruby-sassc | 2.4.0-6 | bertptrs | Incomplete | ||
| any | Extra | ruby-semantic_puppet | 1.1.0-5 | bastelfreak | Incomplete | ||
| any | Extra | ruby-term-ansicolor | 1.11.2-3 | bertptrs | Incomplete |