On Fri, 21 Jul 2017 at 06:13:40, Eli Schwartz wrote:
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ )
Use .ssh/config "SendEnv" on the TU's side and sshd_config "AcceptEnv" in the AUR server to specifically request privileged access. TUs should use: `export AUR_PRIVILEGED=1; git push` [...]
I am not sure whether this is a good idea. AUR_PRIVILEGED is not only used for non-fast-forward pushes. It is used for every SSH interface command that requires TU privileges, such as disowning other users' packages or changing the keywords of a package one does not maintain. It seems rather inconvenient to require TUs to prefix all their superpower commands with AUR_PRIVILEGED=1.

Actually, TUs should *never* make use of the forced push feature unless they are dealing with some copyright infringement or removing some other legally questionable stuff from the history. So it might make sense to either restrict this feature to very few TUs (those dealing with legal issues reported to aur-support@archlinux.org) or to add some kind of extra switch as you suggested -- but only for non-fast-forward pushes.

The warning you implemented in patch 1/2 certainly is a good idea as well. Thanks!

Regards,
Lukas
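
The following sketch is an added example, not aurweb code and not part of either message: it shows the narrower design suggested in the reply, where TU privilege stays in effect for ordinary commands but a history-rewriting push needs a separate per-push opt-in. The variable name `AUR_OVERWRITE`, the value `"1"` for both variables, and the commit graph are assumptions made for illustration.

```python
# Added sketch (not aurweb code). Models the decision an update hook would make.
ZERO = "0" * 40                    # git's all-zero id: the ref does not exist yet
FORCE_PUSH_ENV = "AUR_OVERWRITE"   # hypothetical opt-in variable, sent per push

def is_ancestor(parents, old, new):
    """True if commit `old` is reachable from `new` by following parent links."""
    stack, seen = [new], set()
    while stack:
        commit = stack.pop()
        if commit == old:
            return True
        if commit in seen:
            continue
        seen.add(commit)
        stack.extend(parents.get(commit, ()))
    return False

def check_ref_update(parents, old, new, env):
    """Return (allowed, message) for one ref update old -> new."""
    if old == ZERO:
        return True, "new ref"
    if is_ancestor(parents, old, new):
        return True, "fast-forward"
    # From here on the push would discard commits that exist on the server.
    privileged = env.get("AUR_PRIVILEGED") == "1"   # assumed set for TU accounts
    opted_in = env.get(FORCE_PUSH_ENV) == "1"       # assumed explicit request
    if privileged and opted_in:
        return True, "warning: non-fast-forward accepted, history overwritten"
    if privileged:
        return False, f"non-fast-forward denied; set {FORCE_PUSH_ENV}=1 to overwrite"
    return False, "non-fast-forward denied"

# Constructed history: a <- b <- c on the server; d is a rewrite branching off a.
GRAPH = {"a": [], "b": ["a"], "c": ["b"], "d": ["a"]}

if __name__ == "__main__":
    tu = {"AUR_PRIVILEGED": "1"}
    print(check_ref_update(GRAPH, "b", "c", {}))               # ordinary push
    print(check_ref_update(GRAPH, "c", "d", tu))               # TU, no opt-in
    print(check_ref_update(GRAPH, "c", "d", {**tu, FORCE_PUSH_ENV: "1"}))
```
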