[aur-general] TU without [community] maintaining?
Pierre Chapuis
catwell at archlinux.us
Wed Feb 3 14:11:59 EST 2010
Le Wed, 3 Feb 2010 19:55:55 +0100,
Heiko Baums <lists at baums-on-web.de> a écrit :
> Am Wed, 03 Feb 2010 20:41:34 +0200
> schrieb Lauri Niskanen <ape at ape3000.com>:
>
> > I agree that peer trust network is a nice idea and that pgp keys might
> > be unnecessary. AUR accounts are already authenticated by the web
> > system and user can be easily coupled with the uploaded files.
> >
> > You should be able to upload packages without any thrust status and
> > also downloading and installing untrusted packages should be
> > possible. There could be packages with trusted status, so the users
> > wouldn't have that must packages to be checked by themselves.
>
> This was previously implemented in and removed from AUR a long time ago.
> I guess there was a reason for this.
The reason was that only TUs could flag a package as trusted, and this
was done by package and not by user, so it was a lot of work. Actually,
if I remember well, I even think it was done by package *revision*
which means packages had to be checked by TUs every time a new version
was uploaded. It obviously couldn't scale.
If the trust is given at the user level, it makes it much less trouble.
For example, if the average "trusted" user has 20 packages, each of
which has 5 revisions in the user's account's lifetime, it divides the
amount of actions necessary by 100 (although it is more complex to
check that a user can be trusted than that a package is safe). It is
similat to the "give the man a fish" principle Archers should be
familiar with. The drawback is that it is a bit less secure, probably,
because ultimately more people have to be trusted.
A trust network goes even further on both aspects (more scalability,
less security). I'm not sure going that far is needed but it is a neat
idea.
--
catwell
More information about the aur-general
mailing list