On Thu, Jun 25, 2009 at 23:05, Xyne<xyne@archlinux.ca> wrote:
Principally you are right, but pressing a button "report malicious package" could or should send an e-mail to this mailing list or to every TU automatically. This would be the easiest way for the users.
That could lead to spam. A better system would be similar to the out-of-date system that we currently have, with some changes. You press the "report malicious package" button, submit a reason, and then a messages gets automatically posted to the list. At the same time, it also displays on the AUR page and flagged packages can be filtered in the search the same way out-of-date packages can. The reporter would also be mentioned in the list (to prevent people from anonymously flagging packages without reason).
I'm not sure if I'll be agreed with here, but I think the whole idea of this feature is not needed. The AUR has been up for how many years, and I haven't even *heard* of a malicious package. I don't think we should add features (and spend effort coding, and make the interface *more* cluttered) unless there is a need for the feature.