[aur-general] Should TUs tolerate inappropriate behavior in the AUR?

P. A. López-Valencia vorbote at outlook.com
Fri Feb 12 22:51:50 UTC 2016



On 12/02/2016 at 5:46 p.m., Ralf Mardorf wrote:
> Fortunately this user seems to maintain 500+ packages less, assumed 
> the 600+ wasn't a typo: 
> https://lists.archlinux.org/pipermail/aur-general/2016-February/032004.html 
> https://lists.archlinux.org/pipermail/aur-general/2016-February/032006.html 
> Assumed a maintainer should maintain more than 500 packages, a 
> moderator/admin should automatically get informed, who then randomly 
> checks a few packages, e.g. if the source code comes from an upstream 
> server or from a suspect mirror. This should be done not to ensure 
> that the PKGBUILDs are 100% secure, but just to ensure that it really 
> is a single maintainer and not a suspect organisation providing packages. 

I say AUR3; presently we use AUR4. Those records are unfortunately not 
publicly available at this time. Unless you want to trawl the git 
archive at GitHub.

Yes. There is a need to vet users who maintain many packages in the AUR, 
you can only do so much. Some are very legitimate users that end up 
becoming TUs and even Devs, such as Felix Yan who I can vouch to be a 
very nice fellow in my brief interactions with him. Others... Oh, well.

-- 
Pedro A. López-Valencia
http://about.me/palopezv/
Recession is when a neighbor loses his job. Depression is when you lose yours. -Ronald Reagan


