Hi there,

please let me introduce myself here first as I am new to this list/community. My name is Manfred Hollstein, being located in Germany and a Linux user since end of 1991. I have used Debian, Red Hat, SUSE Linux distributions since 1994 (10 pack floppy disk pack of SLS before then...) - had to use Ubuntu at my last job. I worked with Cygnus Solutions, Red Hat, SUSE and finished my active professional career at Deutsche Telekom where I helped to build their open Cloud offerings. My technical background goes back to compiler construction (still listed as a GCC maintainer), which got widely extended to OS, Virtualization, Cloud, HPC and HA technologies over the various jobs I was active in. I am now in the passive phase of my last job allowing me to do the stuff I always wanted to do ;)

Getting now to the initial issue...

On Thu, 27 Apr 2023, 18:16:06 +0200, Polarian wrote:
Hello,
I was looking at the AUR today and I have realised a ton of packages with the prefix r-<package name> being updated within a minute of each other, and then found the user to be publishing them:
Packages named like r-<package name> indicate to me that they belong to the "R project for statistical computing". I have seen similar waves in openSUSE when the maintainers flooded OBS with new releases/updates. So I doubt this is anything bad.
https://aur.archlinux.org/account/BioArchLinuxBot
By the name it seems this is a Bot, Anthraxx and Jelle have already discussed how this is not acceptable in a previous thread, see:
https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/me...
https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/me...
A draft has also been submitted on the ArchWiki to set this into stone:
https://wiki.archlinux.org/title/Talk:AUR_submission_guidelines#Automation_a...
Therefore I am bringing this user, and the packages which this has occurred on to the TUs here. I have also attached an image to this email which is a screenshot of the recently updated packages, you can use the rss feeds to back this up as well, it clearly shows that a large number of r packages were updated BY THE SAME USER within the span of 10 minutes.
Let me know what you think :)
Again, I doubt this is something like an attack. There are many utilities to help automating processes (think of CI-CD), which may result in such situations.

I hope I have been able to help in this regard, and I also hope that I may become a member of the Arch community!
Have a good day,
Cheers. l8er manfred