Le Wed, 3 Feb 2010 19:55:55 +0100, Heiko Baums <lists@baums-on-web.de> a écrit :
Am Wed, 03 Feb 2010 20:41:34 +0200 schrieb Lauri Niskanen <ape@ape3000.com>:
I agree that peer trust network is a nice idea and that pgp keys might be unnecessary. AUR accounts are already authenticated by the web system and user can be easily coupled with the uploaded files.
You should be able to upload packages without any thrust status and also downloading and installing untrusted packages should be possible. There could be packages with trusted status, so the users wouldn't have that must packages to be checked by themselves.
This was previously implemented in and removed from AUR a long time ago. I guess there was a reason for this.
The reason was that only TUs could flag a package as trusted, and this was done by package and not by user, so it was a lot of work. Actually, if I remember well, I even think it was done by package *revision* which means packages had to be checked by TUs every time a new version was uploaded. It obviously couldn't scale. If the trust is given at the user level, it makes it much less trouble. For example, if the average "trusted" user has 20 packages, each of which has 5 revisions in the user's account's lifetime, it divides the amount of actions necessary by 100 (although it is more complex to check that a user can be trusted than that a package is safe). It is similat to the "give the man a fish" principle Archers should be familiar with. The drawback is that it is a bit less secure, probably, because ultimately more people have to be trusted. A trust network goes even further on both aspects (more scalability, less security). I'm not sure going that far is needed but it is a neat idea. -- catwell