[aur-general] Deleting packages in AUR
Hi all, At the moment anyone can delete a package they maintain from the AUR. This seems to be being exploited by an evil minority to remove packages that have been orphaned. e.g. http://bbs.archlinux.org/viewtopic.php?pid=373831 I thought that it may be better if we restricted the deleting to only devs/TUs so this con no longer happen. (see bug http://bugs.archlinux.org/task/10527). The question is, how often do packages get deleted from the AUR and thus how much work would this generate? I guess it would be in similar volume to what we already get from orphan requests but this is just a guess. Anyway, pressh suggested I post this here so all TUs would see it. Allan
On Thu, May 29, 2008 at 4:51 PM, Allan McRae <mcrae_allan@hotmail.com> wrote:
Hi all,
At the moment anyone can delete a package they maintain from the AUR. This seems to be being exploited by an evil minority to remove packages that have been orphaned. e.g. http://bbs.archlinux.org/viewtopic.php?pid=373831
I thought that it may be better if we restricted the deleting to only devs/TUs so this con no longer happen. (see bug http://bugs.archlinux.org/task/10527). The question is, how often do packages get deleted from the AUR and thus how much work would this generate? I guess it would be in similar volume to what we already get from orphan requests but this is just a guess.
Anyway, pressh suggested I post this here so all TUs would see it.
Allan
I've always liked this idea, I see no reason for a package being deleted except for the rare case of one being done by mistake which can be easily fixed by notifying the ML. -- Callan Barrett
On Thu, May 29, 2008 at 4:51 PM, Allan McRae <mcrae_allan@hotmail.com> wrote:
Hi all,
At the moment anyone can delete a package they maintain from the AUR. This seems to be being exploited by an evil minority to remove packages that have been orphaned. e.g. http://bbs.archlinux.org/viewtopic.php?pid=373831
I thought that it may be better if we restricted the deleting to only devs/TUs so this con no longer happen. (see bug http://bugs.archlinux.org/task/10527). The question is, how often do packages get deleted from the AUR and thus how much work would this generate? I guess it would be in similar volume to what we already get from orphan requests but this is just a guess.
Anyway, pressh suggested I post this here so all TUs would see it.
Allan
And for if it's agreed to disable users deleting packages, here's the patch. -- Callan Barrett
Callan Barrett wrote:
And for if it's agreed to disable users deleting packages, here's the patch.
Give the man a prize! Allan
On Mon, Jun 2, 2008 at 8:52 PM, Ronald van Haren <pressh@gmail.com> wrote:
Are there no other TUs with an opinion about the subject?
I suppose I should post this patch to aur-dev then? -- Callan Barrett
On Mon, Jun 2, 2008 at 3:12 PM, Callan Barrett <wizzomafizzo@gmail.com> wrote:
On Mon, Jun 2, 2008 at 8:52 PM, Ronald van Haren <pressh@gmail.com> wrote:
Are there no other TUs with an opinion about the subject?
I suppose I should post this patch to aur-dev then?
-- Callan Barrett
yes I would say go ahead and submit the patch
Excerpts from Ronald van Haren's message of Mon Jun 02 17:47:22 +0200 2008:
yes I would say go ahead and submit the patch +1
Check out my great nude pics at http://aur.archlinux.org/ -- Geoffroy Carrier http://gcarrier.koon.fr/
On 03/06/2008, at 9:14 AM, Geoffroy Carrier wrote:
Excerpts from Ronald van Haren's message of Mon Jun 02 17:47:22 +0200 2008:
yes I would say go ahead and submit the patch +1
Check out my great nude pics at http://aur.archlinux.org/
First of all, what?
I thought that it may be better if we restricted the deleting to only devs/TUs so this con no longer happen. (see bug http://bugs.archlinux.org/task/10527) . The question is, how often do packages get deleted from the AUR and thus how much work would this generate? I guess it would be in similar volume to what we already get from orphan requests but this is just a guess.
I don't think packages would get deleted that often at all. The only scenarios I can think of is when an SCM packages becomes obsolete because the SCM changed upstream, or as Callan said, a package was mistakenly uploaded.
Sebastian Nowicki wrote:
<snip>
Pretending that never happened...
I thought that it may be better if we restricted the deleting to only devs/TUs so this con no longer happen. (see bug http://bugs.archlinux.org/task/10527). The question is, how often do packages get deleted from the AUR and thus how much work would this generate? I guess it would be in similar volume to what we already get from orphan requests but this is just a guess.
I don't think packages would get deleted that often at all. The only scenarios I can think of is when an SCM packages becomes obsolete because the SCM changed upstream, or as Callan said, a package was mistakenly uploaded.
Callan has now submitted the patch to the aur-dev list and another that fixes FS#8672 (the one that prevents certain package from being uploaded!). The combination of these two has cause real annoyance.... Allan
On 5/29/08, Allan McRae <mcrae_allan@hotmail.com> wrote:
Callan Barrett wrote:
And for if it's agreed to disable users deleting packages, here's
the patch.
Give the man a prize!
Allan
Are there no other TUs with an opinion about the subject?
Yes I have an opinion; Regular users should NEVER be allowed to tamper with a TU's package, including deletion. -Bob Finch Liviu Librescu - În veci pomenirea lui. (May his memory be eternal.)
On Tue, Jun 3, 2008 at 12:14 AM, <w9ya@qrparci.net> wrote:
Yes I have an opinion;
Regular users should NEVER be allowed to tamper with a TU's package, including deletion.
-Bob Finch
Liviu Librescu - În veci pomenirea lui. (May his memory be eternal.)
Just so you know, this has always been the case. This patch is to stop users from deleting their own packages in unsupported so, for example, a malicious user couldn't adopt orphaned packages in unsupported and then delete them or a package couldn't be deleted by accident. -- Callan Barrett
2008/6/2, Callan Barrett <wizzomafizzo@gmail.com>:
Just so you know, this has always been the case. This patch is to stop users from deleting their own packages in unsupported so, for example, a malicious user couldn't adopt orphaned packages in unsupported and then delete them or a package couldn't be deleted by accident.
I agree. +1 -- Giovanni Scafora Arch Linux Trusted User (voidnull) http://www.archlinux.org http://www.archlinux.it
On Tue, Jun 3, 2008 at 12:14 AM, <w9ya@qrparci.net> wrote:
Yes I have an opinion;
Regular users should NEVER be allowed to tamper with a TU's package, including deletion.
-Bob Finch
Liviu Librescu - În veci pomenirea lui. (May his memory be eternal.)
Just so you know, this has always been the case. This patch is to stop users from deleting their own packages in unsupported so, for example, a malicious user couldn't adopt orphaned packages in unsupported and then delete them or a package couldn't be deleted by accident.
-- Callan Barrett
Great and thanks for the explanation. Very best regards; Bob F. Liviu Librescu - În veci pomenirea lui. (May his memory be eternal.)
participants (7)
-
Allan McRae
-
Callan Barrett
-
Geoffroy Carrier
-
Giovanni Scafora
-
Ronald van Haren
-
Sebastian Nowicki
-
w9ya@qrparci.net