On Fri, 2016-02-12 at 23:46 +0100, Ralf Mardorf wrote:
On Fri, 12 Feb 2016 23:11:13 +0100, William Di Luigi wrote:
On Fri, Feb 12, 2016 at 10:37 PM, P. A. López-Valencia <vorbote@outlook.com> wrote:
I do the same as well. Don't try to make the argument that "as the arsehole has more packages, he deserves to be in charge".
Nice strawman you got there.
For the record (if you actually misread me and aren't really trying to mislead), I never said that nor I believe that.
Fortunately this user seems to maintain 500+ packages less, assumed the 600+ wasn't a typo:
https://lists.archlinux.org/pipermail/aur-general/2016-February/03200 4.html https://lists.archlinux.org/pipermail/aur-general/2016-February/03200 6.html
Assumed a maintainer should maintain more than 500 packages, a moderator/admin should automatically get informed, who then randomly checks a few packages, e.g. if the source code comes from an upstream server or from a suspect mirror. This should be done not to ensure that the PKGBUILDs are 100% secure, but just to ensure that it really is a single maintainer and not a suspect organisation providing packages.
I don't see anything wrong with maintaining several hundred packages. If someone is willing to and has the time to do it, I say they should be able to without moderation. "AUR packages are user produced content. Any use of the provided files is at your own risk." This is an important statement to consider when using the AUR. If you see a package that violates the packaging standards, file it for deletion and allow a TU to take care of it since that's what they're here for. Mark Weiman