[aur-general] Removing comments from AUR
xyne at archlinux.ca
Thu Jun 25 22:45:16 EDT 2009
> > Sorry, I missed the "older than a week" part. That should be more than
> > enough time for the package to have been reported and deleted. Ignore
> > my previous reply.
> One week is not enough. It must be at least one month. If a maintainer
> is on vacation, it's not unusual that he can't read comments for his
> package for some weeks.
> And there has to be a button to prevent important comments from
> automatic deletion.
> But I still prefer the delete button for the maintainers, so that
> comments can be deleted manually by the maintainers.

I think you misunderstood my reply. It was not about comments being
automatically pruned after a week. It was referring to a maintainer's
ability to delete comments. If the maintainer is there to delete them,
he is also there to read them.

The minimum of one week before a comment can be deleted would prevent
the following situation:

Alice detects that Eve's package is malicious.
Alice leaves a comment on the AUR warning others.
Alice contacts AUR-general to get a TU to delete the package.
Eve deletes the warning.
Bob installs the malicious package because he didn't see the warning.
A TU sees Alice's message a few hours later and deletes Eve's package.

A TU will certainly get Alice's message within a week of posting it so
Eve's package will get deleted before Eve can remove Alice's
warning. Bob and others will therefore avoid installing the package
before it has been deleted.