On 21-11-06 11:32, Brett Cornwall via aur-general wrote:
On 2021-11-06 16:05, B via aur-general wrote:
grawlinson made a deletion request on this package after I updated it to v0.89.1, and they immediately approved their own request. The community package is flagged out-of-date and is at v0.88.1.
First, this violates the AUR community guidelines that requests a user be contacted before a package is removed. Additionally, I find that they are making a request and then immediately approving their own request without any discussion to be concerning.
Indeed, that's not something that should happen! Thanks for bringing this to our attention.
It's been brought up before, and doing it via request & request action is preferable due to it providing an audit log. There are options to directly handle packages, but do not provide any audit log at all.
I do not think you should be deleting AUR packages, unless they are malicious. If they are not being maintained, then you should be contacting the users before deleting them. Otherwise, there is no harm in having an AUR and trusted package, as many times they be actually be different or the trusted package is the one not actively getting updated.
The AUR is not a democracy! There are standards and guidelines that clearly state that hugo-bin was not an acceptable package in the AUR [1]. So while the acceptance of their own request should not have happened, this package should not have existed in the first place.
Hope this helps.
[1] https://wiki.archlinux.org/title/AUR_submission_guidelines#Rules_of_submissi...
What is the issue with handling one's own requests, specifcally? -- George Rawlinson