[aur-general] Should TUs tolerate inappropriate behavior in the AUR?

Ralf Mardorf ralf.mardorf at alice-dsl.net
Fri Feb 12 22:53:17 UTC 2016


On Fri, 2016-02-12 at 23:46 +0100, Ralf Mardorf wrote:
> On Fri, 12 Feb 2016 23:11:13 +0100, William Di Luigi wrote:
> > On Fri, Feb 12, 2016 at 10:37 PM, P. A. López-Valencia
> > <vorbote at outlook.com> wrote:
> > > I do the same as well. Don't try to make the argument that "as the
> > > arsehole has more packages, he deserves to be in charge".  
> > 
> > Nice strawman you got there.
> > 
> > For the record (if you actually misread me and aren't really trying
> > to mislead), I never said that nor do I believe that.
> 
> Fortunately this user seems to maintain 500+ fewer packages, assuming
> the 600+ wasn't a typo:
> 
> https://lists.archlinux.org/pipermail/aur-general/2016-February/032004.html
> https://lists.archlinux.org/pipermail/aur-general/2016-February/032006.html
> 
> Assuming a maintainer should maintain more than 500 packages, a
> moderator/admin should automatically get informed, who then randomly
> checks a few packages, e.g. if the source code comes from an upstream
> server or from a suspect mirror. This should be done not to ensure
> that the PKGBUILDs are 100% secure, but just to ensure that it really
> is a single maintainer and not a suspect organisation providing
> packages.

OTOH a suspect organisation most likely would use several accounts and
not just one account ;).

