[aur-general] Random (?) out-of-date marking

Dave Reisner d at falconindy.com
Sun Sep 30 15:11:39 EDT 2012


On Sun, Sep 30, 2012 at 03:00:01PM -0400, Limao Luo wrote:
> My package mcobj [1] has been repeatedly been marked out of date 580
> times in 10 minutes, with 61 out-of-date marks per minute (picture
> for proof [2]). Checking through the email, I saw that the user that
> was doing this was named invented [3]. I'm not really sure what's
> going on, particularly whether this is malicious or not. I have
> emailed invented, and am posting this to try to get to the bottom of
> this. Has invented (or have other users) done this before?
> 
> [1] https://aur.archlinux.org/packages.php?ID=49697
> [2] http://i49.tinypic.com/8zh0sn.png
> [3] https://aur.archlinux.org/account.php?Action=AccountInfo&ID=25347

Well they're certainly doing something weird. I found an odd package of
their own with a large amount of spam on it, and a rather spammy name,
as well.

Seems that the AUR doesn't actually check to see if a package is out of
date before sending the email, meaning that you can just submit a dummy
form with the do_Flag action and get this lovely result.

I've already:

- suspended the account (not that it's very effective).
- deleted the suspcious package.

And I'll be filing a bug against the AUR.

Thanks for bringing this to our attention.

d


More information about the aur-general mailing list