Arch Linux

One problem occured to me with this, which is that if we call to pacman to check on this, it slows things down and might open up DoS potential by rapid submission. If we don't use pacman, then we need some other database to store the names in, and we'd be duplicating the data and have to keep it in sync.

As a TU, I'd find this somewhat useful, but most of the package duplication is from people uploading "foopkg-nonbroken" type pkgnames.

I think it's worth find the best way to communicate with the official database, directly or indirectly.

If this interface could be established, more facilities could be improved, like dependency showing from the official repositories, e.g.

This one just caught my eyes, as it would probably be a better alternative to aurdupes [1]. So let's revive this request!

At a first glance I'd say it's quite easy to read package databases directly using PHP. Since we use Archive_Tar anyways, this could be implemented in about 10 lines of PHP using Archive_Tar's listContent() function. Only thing that we need to think about is how package databases are kept in sync. Maybe a cron job? I'll see if I can implement a patch quickly and will send it to aur-dev.

[1] https://aur.archlinux.org/packages.php?ID=40869

Actually I don't know if it would be a good idea to read the pacman database directly any more.
It would probably be best to access the DB via libalpm.

You could just read the content of the db files into the mysql database. I have already written scripts which do this:

https://projects.archlinux.de/www.archlinux.de.git/tree/cronjobs/Package.php
https://projects.archlinux.de/www.archlinux.de.git/tree/cronjobs/PackageDB.php

and here the cron that updates the mysql db incrementally:
https://projects.archlinux.de/www.archlinux.de.git/tree/cronjobs/UpdatePKGDB.php

There is a lot of stuff you wont need for the AUR so this can be stripped down. (e.g. depends etc.)

Loui: Using libalpm would be the best way to go but afaik there's no libalpm wrapper for PHP yet, is there? So we'd have to either write a libalpm PHP extension or a libalpm PHP implementation. Wouldn't that be kinda overkill?

I was thinking more that the program that updates a blacklist would access libalpm.
Not sure if you'd want to build that directly into the AUR web code. Hey, whatever works though!

I just merged the "pkg-blacklist" branch into master and pushed that. It includes the "package name blacklist" patch [1] and aurblup [2] (AUR blacklist updater) which together can be used to prevent users from uploading packages available in the binary repos.

[1] http://projects.archlinux.org/aur.git/commit/?id=b69f548065e78d14afcdc91548d73539762f8d93
[2] http://projects.archlinux.org/aur.git/commit/?id=400d7845e4c959660edf4cbeb1a390c6590cc4fc