Package Details: libelectron 1.0.27-1

Git Clone URL: https://aur.archlinux.org/libelectron.git (read-only, click to copy)
Package Base: libelectron
Description: A collection of npm dependencies for electron packages.
Upstream URL: https://gitlab.com/linuxbombay/libelectron/libelectron
Licenses: GPL
Submitter: gameslayer
Maintainer: gameslayer
Last Packager: gameslayer
Votes: 8
Popularity: 0.48
First Submitted: 2022-11-18 11:55 (UTC)
Last Updated: 2024-09-30 23:55 (UTC)

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 9 10 11 Next › Last »

xiota commented on 2023-12-29 16:48 (UTC)

@CobaHusky The deletion requests are not over the "debate", but the poor packaging and security practice, as described in the requests themselves. It is now up to a PM to decide.

CobaHusky commented on 2023-12-29 16:40 (UTC) (edited on 2023-12-29 16:42 (UTC) by CobaHusky)

Guys, this is really not the place to be spilling each other's glasses of milk. I'm not gonna lie, you're both proving the public opinion that Arch users are the most toxic of the Linux community.

It's even sadder when the same user submits over 20+ deletion requests to another user's package over a pathetic online debate. Think about that.

gameslayer commented on 2023-12-29 16:34 (UTC)

Still here xiota, cry harder

gameslayer commented on 2023-12-29 16:29 (UTC)

Arch Mods if you see this and the spammed requests you can remove them and ban these guys accounts especially xiota as he is trolling and now spamming requests

gameslayer commented on 2023-12-29 16:21 (UTC) (edited on 2023-12-29 16:27 (UTC) by gameslayer)

Nice try xiota but this package doesn't compromise anyone's security, again you can't even prove that and lying about it.

You don't even know what you are talking about and think this uses some custom made version of Electron when it's using the same Electron directly from NPM that everyone uses for app development

it doesn't create In addition to creating a man-in-the-middle scenario, Already debunked you on this

Already debunked you on the code per documentation

Why are you being toxic? trying to delete my package isn't going to get you anywhere for having a hissy fit online nor is it going to stop me from continuing my app development. Can you do us all a favour and remove the request, this is just childish

gameslayer commented on 2023-12-29 15:55 (UTC) (edited on 2023-12-29 15:55 (UTC) by gameslayer)

Ok but why would that matter? I made the package for electron packages for my own apps but others can freely use it ¯\(ツ)

Electron is based on Chromium and the web engine and yes because it's a core web engine it's up to the developer to update their code etc to maintain security practices and uses sand boxing for security so no unless you turned that off or did something insecure in your code this wouldn't be an issue.

Actually this is how they explain to do is per documentation: https://www.electronjs.org/docs/latest/api/browser-window

There are no defects, again even CobaHusky had no issues installing it on Arch, clearly these people have done something nonstandard and wrong on their Arch installations and trying to blame me for their own issues lmao

A bunch of packages will do this, this automates the process so all I need to do is push the update the git repo and then on the AUR package is update the version, I maintain the package and the repo so there is nothing wrong with this.

Anything else I need to debunk?

xiota commented on 2023-12-29 15:44 (UTC) (edited on 2023-12-29 15:56 (UTC) by xiota)

:gameslayer: actually not true, while I use it for my own personal software I would love to have other devs use it also

What you "would love" and what is real are not the same. At this moment, no one else uses this package. So it is true that this package is used only for your personal apps.

:gameslayer: as for security I update it pretty regularly and they get the same patches and updates Chromium gets since it again uses Chromium's web engine technology and is open source.

Electron is not Chromium. Electron does not have the same security safeguards that Chromium does. Electron developers state at Security:

A security issue exists whenever you receive code from an untrusted source (e.g. a remote server) and execute it locally. As an example, consider a remote website being displayed inside a default BrowserWindow. If an attacker somehow manages to change said content (either by attacking the source directly, or by sitting between your app and the actual destination), they will be able to execute native code on the user's machine.

Looking at one of your apps, you do exactly what Electron devs describe avoiding:

...
const mainWindow = new BrowserWindow(...)
...
mainWindow.loadURL('https://www.youtube.com/', ...)
...

:gameslayer: ... electron: command not found ... once it runs ./setup ...

In addition to the two defects I described earlier (missing quotes, misuse of pkgrel), there are more issues.

  • This is a duplicate of the electron packages, but missing provides and conflicts declarations.
  • This package runs a non-standard secondary script. Those commands should be contained in the PKGBUILD directly.

:gameslayer: Except it isn't in any broken state ... Also #Proof from a friend it installed just fine on Arch Linux

After you modified the package as Alkaris described.

gameslayer commented on 2023-12-29 15:22 (UTC) (edited on 2023-12-29 15:28 (UTC) by gameslayer)

Also #Proof from a friend it installed just fine on Arch Linux

https://cdn.discordapp.com/attachments/717236257150730311/1190312309776715838/image.png?ex=65a157b9&is=658ee2b9&hm=2740520e66d15daa6a1395a126906f960b581f546619e4c123873c54d7007461&