Hi Polarian, On Sat, 03 Jun 2023, 18:36:04 +0200, Polarian wrote:
[...] Nice to meet you, you sure do have a lot more experience than I do :P
Welcome to the mailing list :)
Thanks for the welcome!
[...]
Again, I doubt this is something like an attack. There are many utilities to help automating processes (think of CI-CD), which may result in such situations.
I am aware it isn't an attack, but the latter assumption you made was the issue. CI/CD is, to the best of my knowledge, never meant to push to the AUR directly, it should always be done by an individual manually, I am sure a package maintainer (TU) can correct me if I am wrong, but that is what I take from the guidelines mixed in with the mailing list I linked in my original email.
Although I'm not completely familiar with the rules how to push packages/updates to the AUR, I completely agree with you that not each push to a Git repo with a CI/CD behind (or whatever) should be able to push everything to the AUR directly. I'd assume it is a matter of common sense to establish several CI/CD instances, such as new, built, tested, verified, and released, while only the output from "released" should go to AUR to be consumable by every user. Cheers. l8er manfred