Hi! Just thought I would pop in about some initial concerns Andrey raised:
> As long as it only targets Ubuntu and doesn't mention Debian it's indeed
only an Ubuntu problem.
It mainly *targets* Ubuntu, but there's no reason it wouldn't be functional on Debian distributions. Dependencies can be listed for both distros through makedeb's release-specific dependency functionality [1], allowing the DUR's (as stated before, I'm open to changing the name) PKGBUILDs to work and provide for any number of systems.
> ...it should at least be prominently described how does it work
and why can that be bad for the users.
If you visit the DUR website, it includes a link directly to the ArchWiki on how the AUR (which the DUR is based on, pretty much just with a reskin and some minor changes) works, as well as a guide for creating and setting up a PKGBUILD.
I've thought about redoing the PKGBUILD docs for makedeb, but it just felt like it would be redundant when the ArchWiki article is already has a plethora of information about it.
Regarding why the DUR could be bad for end users (i.e. from a security standpoint), the following is plastered on top of the DUR homepage (as well as the AUR's), in bold, which can be seen by all users before they log in:
> DISCLAIMER: DUR packages are user produced content. Any use of the provided files is at your own risk.
The same message can also be seen in the footer of all pages, whether logged in or not.
Lastly, again, I'm open to changing the name if it would be preferred by a decent amount of people on the Debian team. It really wouldn't be too much hassle for me, but if I were to do it, I would prefer to schedule some downtime for the users that are already currently using the DUR so I can change everything in a planned manner.
Thanks! Let me know if you have any thoughts,