On Mon, 12 Oct 2020 20:30:11 -0400 Manhong Dai via aur-general <aur-general@archlinux.org> wrote:
Thanks a lot for your reply! I commented on the package hoping the new maintainer can return the maintainer to me.
But I am willing to answer your question.
A pull request needs a lot of effort to check. The pull request changed a lot of files and it is not that easy to see if the change is not malicious. That being said, now do you understand that why I would trust a 'trusted user' more? After all, 'trusted user' was named so for a reason, right?
If changing package status to 'out of state ' doesn't send any notification, it is SCARY. Not everybody can check out the aur email list everyday and we all work on there packages for free. Why it is scary? What if a malicious user submit a ticket like this and the become the maintainer for a package that is not popular but could access sensitive data, like SGE?
Think about it, the disowning already sends notification, why doesn't the warning 'out of state' send the email?
On another note, maybe the AUR package should be named like github does. Adding the user name to the path will save such headache for both you and me......
Best, Manhong Sent from phone
You didn't read a single word I wrote. Don't bother replying if you can't read.