Comments (12)
There's no way to verify individual builds.
You're looking for direct uploads, which should be made available sometime this year https://discourse.flathub.org/t/flathub-in-2023/3808#direct-uploads-12. With this you can generate a token from Flathub and build and push the app from your repo/CI to flathub.
Only Flathub admins can add or remove people from this Github-Org. We won't add someone who isn't a previous contributor or has some relationship with upstream or is trusted in Flathub/Flatpak community. Also new people are added upon the previous maintainer's wish or if the package is lacking maintenance. So it isn't exactly "random".
Right now, if you wish, you can be added to https://github.com/flathub/net.runelite.RuneLite as a collaborator, which gives you all write access except repo settings.
which instructs me to email the "flathub admins" at [email protected].
The list is inactive, it really should be removed.
the link on the page 404s.
I’ll fix it.
from flathub.
Only Flathub admins can add or remove people from this Github-Org. We won't add someone who isn't a previous contributor or has some relationship with upstream. So it isn't exactly "random".
Right now, if you wish, you can be added to https://github.com/flathub/net.runelite.RuneLite as a collaborator, which gives you all write access except repo settings.
I am a collaborator on the repository already, which someone set up some years ago for me (I did not request it directly, I am not sure the process for it). However there are at least 2 other people who have collaborator access I know of to the repo that I do not know at all and definitely have no relationship to upstream.
You're looking for direct uploads, which should be made available sometime this year https://discourse.flathub.org/t/flathub-in-2023/3808#direct-uploads-12. With this you can generate a token from Flathub and build and push the app from your repo/CI to flathub.
This looks promising. I may then just wait until this is completed and then migrate my project to that, and hold off verifying for now.
from flathub.
They were involved with the original submission of the flatpak #489, submitters get access.
from flathub.
I see. Can you remove everyone which isn't on https://github.com/orgs/runelite/people and then also add abextm
and Nightfirecat
?
from flathub.
Here is who has write access to that repository:
trusted-maintainers
are Flathub. Includes me and bbht. And this is not an option.
As for the verification process you remain mistaken in what it does. It is just a verification the indicate the origin, ie the maintainers upstream verified the relation with the package.
There is no "per build verification". But build are reproducible (mostly) so you can check that the manifest produce the same thing on both.
I have invited the two users you requested, since they are on the list of the org. (due diligence, sounds reasonable).
from flathub.
As for the verification process you remain mistaken in what it does. It is just a verification the indicate the origin, ie the maintainers upstream verified the relation with the package.
We do not want to verify the package with third parties (non RuneLite or Flathub) having write access since we cannot ensure they will not include code not of our origin.
from flathub.
The manifest is a source of truth. It uses checksum for the tarballs and other sources, or git. All the patches (there are none here) are clearly visible. As for the extra appstream file, .desktop and icon (that are necessary) you could manage them upstream (like they should).
from flathub.
The manifest is a source of truth. It uses checksum for the tarballs and other sources, or git. All the patches (there are none here) are clearly visible. As for the extra appstream file, .desktop and icon (that are necessary) you could manage them upstream (like they should).
The concern is what if someone changes the manifest, not whether or not the manifest itself is secure. Right now the manifest is correct, but we can't show that it will be in the future.
from flathub.
A good intermediate step would be to remove the two people in this screenshot, Steve and AsciiWolf, since they are not in my org.
from flathub.
The only way to change the manifest is by committing to the repository. It is visible, public, and probabl easier to spot that on a big code base that also has dependencies.
from flathub.
Hey @AsciiWolf @rushsteve1, I have removed your write permissions as per Adam's request. Thank you for contributing and maintaining the app thus far, it's much appreciated!
Adam, we're still working on the point 2 to make the point 1 possible. You're right it's somewhat private for now; there will be an announcement on Discourse and our blog when it's generally available
from flathub.
Thank you!
from flathub.
Related Issues (20)
- Ownership of com.maplerain.telsis_translator_flutter HOT 4
- End Of Life issues HOT 2
- Add maintainer to io.qt.PySide.BaseApp HOT 1
- Remove me as maintainer from io.kopia.KopiaUI HOT 1
- Remove me as maintainer from org.gnome.Calls
- Give me access please :D (io.github.yairm210.unciv) HOT 2
- Archive net.seamly.seamly2d HOT 1
- io.github.lawstorant.boxflat fails guidelines review HOT 4
- Support ppc64le architecture HOT 3
- Add maintainer to org.gnome.NetworkDisplays HOT 1
- Request to archive old repository: io.itch.drwhut.TabletopClub HOT 1
- RetroDECK repository migrated to org - more permissions needed HOT 1
- Issues with nodejs cache on flathub HOT 4
- Transfer ownership of org.DolphinEmu.dolphin-emu to upstream developer HOT 1
- Cataclysm: Dark Days Ahead ownership HOT 1
- Request to add a collaborator to the Q-Zandronum repo HOT 1
- Feature Request: Download .flatpak bundles on flathub.org HOT 6
- Add maintainer for icalingua
- Add maintainer to io.github.wivrn.wivrn HOT 1
- How change app id? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from flathub.