[aur-general] "Report malicious package" feature

Daenyth Blank daenyth+arch at gmail.com
Fri Jun 26 08:41:49 EDT 2009


On Thu, Jun 25, 2009 at 23:05, Xyne<xyne at archlinux.ca> wrote:
>> Principally you are right, but pressing a button "report malicious
>> package" could or should send an e-mail to this mailing list or to every
>> TU automatically. This would be the easiest way for the users.
>
> That could lead to spam. A better system would be similar to the
> out-of-date system that we currently have, with some changes. You press
> the "report malicious package" button, submit a reason, and then a
> messages gets automatically posted to the list. At the same time, it
> also displays on the AUR page and flagged packages can be filtered in
> the search the same way out-of-date packages can. The reporter would
> also be mentioned in the list (to prevent people from anonymously
> flagging packages without reason).
>
>
I'm not sure if I'll be agreed with here, but I think the whole idea
of this feature is not needed. The AUR has been up for how many years,
and I haven't even *heard* of a malicious package. I don't think we
should add features (and spend effort coding, and make the interface
*more* cluttered) unless there is a need for the feature.


More information about the aur-general mailing list