2009/6/25 Xyne <xyne@archlinux.ca>:
The maintainer of a package should be able to delete comments as this would make some of the more popular packages' comments easier to clean up. Instead of a trusted user needing to do this, the owner of the package could be allowed to delete any comments older that a week. That's a policy decision, but I hope we will have some way of deleting comments that refer to bugs that have been fixed.
This would prevent users from being able to flag malicious packages. If this were implemented, I would like to see a "report malicious package" link or something else. As Arch continues to grow we will end up with malicious users and I would prefer to be prepared to handle these when the time comes.
That's why I said "delete any comments older that a week". From what I have seen, almost all packages are checked, and I can't imagine that anyone who found a malicious package wouldn't report it, if not here, to the forums. In either case, it would be discovered, as I doubt that if the issue has not been brought to the attention of the community in the week after discovery then I doubt it will be in any sensible timescale.