On Sun, Nov 4, 2012 at 1:55 PM, Kwpolska <kwpolska@gmail.com> wrote: <snip>
But I think that two things need improvement: 1. I tried to insert the key ID (4 chars) instead of the fingerprint (40.) A hint (like <tt>gpg --fingerprint</tt>) would be useful.
The input box is labeled "PGP Key Fingerprint" not "PGP Key ID". A bit more verbosity on the error message probably wouldn't hurt though.
2. Cannot unflag a package unless you’re the maintainer — sometimes, flags are made errorneously and you need to revert it.
The problem with the flagger being able to unflag a package is they can repeatedly flag/unflag. This would make the maintainer receive a ton of e-mails. Unfortunately, that has happened before and was a big factor in the change. An alternative would be to add a small separate flagging page (similar to the main site) to reduce the number of erroneously flagged packages, while still preventing the flag/unflag abuse. That could also fix a CSRF issue that was re-introduced with the routing changes. Thanks for your suggestions.