[aur-general] Should TUs tolarate inapropiate behavior in the AUR?

Mark Weiman mark.weiman at markzz.com
Sat Feb 13 04:22:55 UTC 2016


On Fri, 2016-02-12 at 23:46 +0100, Ralf Mardorf wrote:
> On Fri, 12 Feb 2016 23:11:13 +0100, William Di Luigi wrote:
> > On Fri, Feb 12, 2016 at 10:37 PM, P. A. López-Valencia
> > <vorbote at outlook.com> wrote:
> > > I do the same as well. Don't try to make the argument that "as
> > > the
> > > arsehole has more packages, he deserves to be in charge".  
> > 
> > Nice strawman you got there.
> > 
> > For the record (if you actually misread me and aren't really trying
> > to
> > mislead), I never said that nor I believe that.
> 
> Fortunately this user seems to maintain 500+ packages less, assumed
> the
> 600+ wasn't a typo:
> 
> https://lists.archlinux.org/pipermail/aur-general/2016-February/03200
> 4.html
> https://lists.archlinux.org/pipermail/aur-general/2016-February/03200
> 6.html
> 
> Assumed a maintainer should maintain more than 500 packages, a
> moderator/admin should automatically get informed, who then randomly
> checks a few packages, e.g. if the source code comes from an upstream
> server or from a suspect mirror. This should be done not to ensure
> that
> the PKGBUILDs are 100% secure, but just to ensure that it really is a
> single maintainer and not a suspect organisation providing packages.

I don't see anything wrong with maintaining several hundred packages.
If someone is willing to and has the time to do it, I say they should
be able to without moderation.

"AUR packages are user produced content. Any use of the provided files
is at your own risk." This is an important statement to consider when
using the AUR. If you see a package that violates the packaging
standards, file it for deletion and allow a TU to take care of it since
that's what they're here for.

Mark Weiman


More information about the aur-general mailing list