It's an implementation detail, you're saying it like they're completely free-form. Not really, they have a very specific structure that every package adheres to.
Parsing them currently requires evaluating them as shell scripts. Should be obvious how bad of an idea it is, especially in the context of the AUR (which is why it requires you to push a dumbed-down metadata file called SRCINFO along with PKGBUILD — which is then used to show package info in the web UI you're probably familiar with).
Being able to safely parse PKGBUILDs without running them would certainly be an improvement.
Well, I have seen PKGBUILDs with arbitrary logic defining the metadata:
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=webor...
Which is what necessitated a separate, statically-parseable .SRCINFO.
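
The static reading of .SRCINFO that the thread contrasts with evaluating a PKGBUILD, as an added example that is not part of any comment above or of Arch's own tooling. It treats every `key = value` line as data only; the sample file, the function names and the rule that an empty value in a `pkgname` section clears the inherited list are assumptions of this sketch.

```python
# Added example: static .SRCINFO reader. Nothing is sourced or evaluated.
def parse_srcinfo(text):
    """Return (pkgbase_fields, {pkgname: override_fields}); values are lists."""
    base, packages, current = None, {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only, so values like "zlib>=1.2" stay intact.
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected 'key = value'")
        if key == "pkgbase":
            if base is not None:
                raise ValueError(f"line {lineno}: duplicate pkgbase")
            base = current = {"pkgbase": [value]}
        elif key == "pkgname":
            if base is None:
                raise ValueError(f"line {lineno}: pkgname before pkgbase")
            current = packages.setdefault(value, {})
        elif current is None:
            raise ValueError(f"line {lineno}: field before pkgbase")
        else:
            current.setdefault(key, []).append(value)
    if base is None or not packages:
        raise ValueError("missing pkgbase or pkgname section")
    return base, packages

def resolve(base, overrides):
    """Merge one package's overrides onto pkgbase (assumed: empty value clears)."""
    merged = {k: list(v) for k, v in base.items() if k != "pkgbase"}
    for key, values in overrides.items():
        merged[key] = [v for v in values if v]
    return merged

# Constructed sample; the $(...) text is kept as a literal string, never run.
SAMPLE = """\
pkgbase = demo-tool
    pkgdesc = Demo package $(echo never-run)
    pkgver = 1.2.3
    depends = glibc
    depends = zlib>=1.2

pkgname = demo-tool
pkgname = demo-tool-docs
    pkgdesc = Documentation for demo-tool
    depends =
"""
```
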