Comments (12)
There's no way to verify individual builds.
You're looking for direct uploads, which should be made available sometime this year https://discourse.flathub.org/t/flathub-in-2023/3808#direct-uploads-12. With this you can generate a token from Flathub and build and push the app from your repo/CI to flathub.
Only Flathub admins can add or remove people from this Github-Org. We won't add someone who isn't a previous contributor or has some relationship with upstream or is trusted in Flathub/Flatpak community. Also new people are added upon the previous maintainer's wish or if the package is lacking maintenance. So it isn't exactly "random".
Right now, if you wish, you can be added to https://github.com/flathub/net.runelite.RuneLite as a collaborator, which gives you all write access except repo settings.
which instructs me to email the "flathub admins" at [email protected].
The list is inactive, it really should be removed.
the link on the page 404s.
I’ll fix it.
from flathub.
Only Flathub admins can add or remove people from this Github-Org. We won't add someone who isn't a previous contributor or has some relationship with upstream. So it isn't exactly "random".
Right now, if you wish, you can be added to https://github.com/flathub/net.runelite.RuneLite as a collaborator, which gives you all write access except repo settings.
I am a collaborator on the repository already, which someone set up some years ago for me (I did not request it directly, I am not sure the process for it). However there are at least 2 other people who have collaborator access I know of to the repo that I do not know at all and definitely have no relationship to upstream.
You're looking for direct uploads, which should be made available sometime this year https://discourse.flathub.org/t/flathub-in-2023/3808#direct-uploads-12. With this you can generate a token from Flathub and build and push the app from your repo/CI to flathub.
This looks promising. I may then just wait until this is completed and then migrate my project to that, and hold off verifying for now.
from flathub.
They were involved with the original submission of the flatpak #489, submitters get access.
from flathub.
I see. Can you remove everyone who isn't on https://github.com/orgs/runelite/people and then also add abextm and Nightfirecat?
from flathub.
Here is who has write access to that repository:
trusted-maintainers are Flathub. Includes me and bbht. And this is not an option.
As for the verification process, you remain mistaken in what it does. It is just a verification that indicates the origin, i.e. the maintainers upstream verified the relation with the package.
There is no "per build verification". But builds are reproducible (mostly), so you can check that the manifest produces the same thing on both.
I have invited the two users you requested, since they are on the list of the org. (due diligence, sounds reasonable).
from flathub.
As for the verification process, you remain mistaken in what it does. It is just a verification that indicates the origin, i.e. the maintainers upstream verified the relation with the package.
We do not want to verify the package with third parties (non RuneLite or Flathub) having write access since we cannot ensure they will not include code not of our origin.
from flathub.
The manifest is a source of truth. It uses checksum for the tarballs and other sources, or git. All the patches (there are none here) are clearly visible. As for the extra appstream file, .desktop and icon (that are necessary) you could manage them upstream (like they should).
from flathub.
The manifest is a source of truth. It uses checksum for the tarballs and other sources, or git. All the patches (there are none here) are clearly visible. As for the extra appstream file, .desktop and icon (that are necessary) you could manage them upstream (like they should).
The concern is what if someone changes the manifest, not whether or not the manifest itself is secure. Right now the manifest is correct, but we can't show that it will be in the future.
from flathub.
A good intermediate step would be to remove the two people in this screenshot, Steve and AsciiWolf, since they are not in my org.
from flathub.
The only way to change the manifest is by committing to the repository. It is visible, public, and probably easier to spot than on a big code base that also has dependencies.
from flathub.
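As an added illustration (not part of the thread and not Flathub's own tooling): the checksum-or-git pinning discussed above can be re-checked mechanically on every manifest revision. This sketch walks an already parsed flatpak-builder manifest and reports sources that are not pinned to a strong checksum or a full git commit; the sample manifest and the function names are constructed for the example.

```python
import re

FULL_COMMIT = re.compile(r"^[0-9a-f]{40}$")
STRONG_HASHES = ("sha256", "sha512")

# Constructed sample modules list, already parsed from JSON/YAML (not a real Flathub app).
SAMPLE = {
    "modules": [{
        "name": "app",
        "sources": [
            {"type": "archive", "url": "https://example.org/app-1.0.tar.gz",
             "sha256": "0" * 64},
            {"type": "git", "url": "https://example.org/lib.git", "tag": "v2.1"},
            {"type": "file", "path": "org.example.App.desktop"},
        ],
        "modules": [{"name": "dep", "sources": [
            {"type": "file", "url": "https://example.org/dep.jar"}]}],
    }],
}

def audit_source(src):
    """Return a finding for a source that is not content-pinned, else None."""
    if isinstance(src, str):  # sources may also be referenced by file path
        return f"sources file {src!r} is included by path; audit it separately"
    kind = src.get("type")
    if kind == "git" and not FULL_COMMIT.match(src.get("commit", "")):
        return f"git source {src.get('url')} lacks a full commit (tags/branches can move)"
    if kind in ("archive", "file", "extra-data") and "url" in src:
        if not any(h in src for h in STRONG_HASHES):
            return f"{kind} source {src['url']} lacks sha256/sha512"
    return None

def audit_modules(modules, trail=()):
    """Walk modules recursively; return (module path, finding) pairs."""
    findings = []
    for mod in modules:
        if isinstance(mod, str):  # module defined in a separate manifest file
            findings.append(("/".join(trail + (mod,)), "module included by path; audit it separately"))
            continue
        here = trail + (mod.get("name", "?"),)
        for src in mod.get("sources", []):
            msg = audit_source(src)
            if msg:
                findings.append(("/".join(here), msg))
        findings += audit_modules(mod.get("modules", []), here)
    return findings

if __name__ == "__main__":
    for where, msg in audit_modules(SAMPLE["modules"]):
        print(f"{where}: {msg}")
```

Local `path` sources are not flagged because they live in the packaging repository and change only through a visible commit.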
Hey @AsciiWolf @rushsteve1, I have removed your write permissions as per Adam's request. Thank you for contributing and maintaining the app thus far, it's much appreciated!
Adam, we're still working on the point 2 to make the point 1 possible. You're right it's somewhat private for now; there will be an announcement on Discourse and our blog when it's generally available
from flathub.
Thank you!
from flathub.