On 12/02/2016 at 5:46 p.m., Ralf Mardorf wrote:
Fortunately this user seems to maintain 500+ packages less, assumed the 600+ wasn't a typo:

https://lists.archlinux.org/pipermail/aur-general/2016-February/032004.html
https://lists.archlinux.org/pipermail/aur-general/2016-February/032006.html

Assumed a maintainer should maintain more than 500 packages, a moderator/admin should automatically get informed, who then randomly checks a few packages, e.g. if the source code comes from an upstream server or from a suspect mirror. This should be done not to ensure that the PKGBUILDs are 100% secure, but just to ensure that it really is a single maintainer and not a suspect organisation providing packages.
I say AUR3; presently we use AUR4. Those records are unfortunately not publicly available at this time. Unless you want to trawl the git archive at GitHub.

Yes. There is a need to vet users who maintain many packages in the AUR, you can only do so much. Some are very legitimate users that end up becoming TUs and even Devs, such as Felix Yan who I can vouch to be a very nice fellow in my brief interactions with him. Others... Oh, well.

--
Pedro A. López-Valencia
http://about.me/palopezv/

Recession is when a neighbor loses his job. Depression is when you lose yours. -Ronald Reagan