[arch-general] Is Voting Effective?

Taylor Hornby havoc at defuse.ca
Fri Apr 11 18:06:40 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/11/2014 03:57 PM, Daniel Micay wrote:
> Packages are included in the repositories if and only if a
> developer or trusted user is interested in maintaining the package.
> In my opinion, it's best for packages to be maintained by people
> who actually use and care about them even if it means that they're
> in the AUR instead of the official repositories. These AUR
> maintainers have the opportunity to apply as a trusted user in the
> future.
> 

That's a good point point, and I agree.

My problem with the AUR is just its lack of security. Even an automatic
"build and sign as many AUR packages as possible" kind of repository
would be beneficial, since it would at least ensure that every Arch
Linux user is getting the same copy of the package, which would make it
a lot harder for an attack to go unnoticed.

So, I'm really not annoyed that that important packages are in the AUR
just for the sake of their being in the AUR. I'm annoyed that their
being in the AUR makes it extremely difficult to access them securely.

- -- 
Taylor Hornby
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTSGdwAAoJEN+oIJzpZ41d1kcP/iduFcPrS+sfEMF0iZkCpk36
svscbt9CM6+x92nSLUtdUTbEVIoBSncasVGgm3ktQtZx43+FV6vK2OKozNcC/myX
l9C0dv+BHcIKz+irNc9elgNU6w7PcmPaPAOokIvS+VWcge+Wcw6+FJbA3GY4IVUk
YU8XwyCLg8sS+gLEKhSdtKiTDFNIcTXmuZyuF5hxWKsroIrLIQPAfqKh3bgCKUW6
j6CYeV6PZ7QKdiky7ANOqQ+k3wfmWfk7LhIG/9A0bvvWkf23+mwB6ah8N6verpm9
TduawhFD7Ns1Wf1n6sJDDlywbq3ZnNvHKVNuz4oKFutgLd9Qh+xtPs1b6cUJ7Par
IIvcxT5iKduVwTDydAnJffBu4qIHDTS/GH/PA3mO+8TA1jWDYudgxb5rvIrM7tx5
3wT5Zv4lSoWdZiRyItViJCYiGpBMUmJVmW6g0t+zQRIzcwrxze151XTWwiBru9/4
P4Vp6jlfJuHeGijOsJ87yTs385qEPliyCsiH4R/6sOVF10rN7qlMH4rm3MhGZhWw
u7f3mx49CHE+wvMthmYHxzDDVUtNTAHRnHJ69FV4ZM7d3XdFh3Q92EjdiupguKQx
hDVCxsa1w2Ayo7l481DY89r+/buWgx/Zya40ZkQPYAGMZQZUNF0R6A2PEMNwLy98
58MIP7AB1tYqCjacFh0A
=ifsP
-----END PGP SIGNATURE-----


More information about the arch-general mailing list