[aur-general] Reply to your request SGE

Manhong Dai daimh at umich.edu
Tue Oct 13 00:30:11 UTC 2020


Thanks a lot for your reply! I commented on the package hoping the new
maintainer can return the maintainer to me.

But I am willing to answer your question.

A pull request needs a lot of effort to check. The pull request changed a
lot of files and it is not that easy to see if the change is not malicious.
That being said, now do you understand why I would trust a 'trusted
user' more? After all, 'trusted user' was named so for a reason, right?

If changing package status to 'out of state' doesn't send any
notification, it is SCARY. Not everybody can check out the AUR email list
every day and we all work on these packages for free. Why is it scary? What
if a malicious user submits a ticket like this and then becomes the maintainer
for a package that is not popular but could access sensitive data, like SGE?

Think about it, the disowning already sends notification, why doesn't the
warning 'out of state' send the email?

On another note, maybe the AUR package should be named like github does.
Adding the user name to the path will save such headache for both you and
me......


Best,
Manhong
Sent from phone

On Mon, Oct 12, 2020, 8:14 PM Doug Newgard <scimmia at archlinux.org> wrote:

> On Mon, 12 Oct 2020 20:01:45 -0400
> Manhong Dai via aur-general <aur-general at archlinux.org> wrote:
>
> > The comments were sent to me indeed. However, I didn't receive any email
> > notification about the package being marked as out of state.
>
> And what in the world does "out of state" even mean? Of course there's no
> notification for it, it's not a thing.
>
> >
> > The comment is just a simple 'bad taste' without any link or other advice.
> > The commenter is not a trusted user either and thus I won't simply accept
> > the pull request without going through the change one by one to be on the
> > safe side. I always compile and test the package during our cluster
> > upgrade, which happens once or twice per year. After all, the package works.
>
> Without any link or other advice, but it had a pull request. You're
> contradicting yourself here.
>
> You think you can ignore people just because they're not a TU? Think again.
>
> Saying the package works is not a defense. You couldn't even get something as
> simple as the pkgver right.
>
> >
> > Now, let me repeat it again, I didn't receive any notification when the
> > package was marked as out of state.  I just searched my email again.
>
> And again, "out of state" is not a thing.
>
> >
> > You can see I recently updated my other three packages per other people's
> > suggestions. I acted very quickly, if the comment is reasonable and not as
> > simple as a 'bad taste'. If other users are not satisfied with my package,
> > they can always fork and put a link under my package, instead of 'robbing'.
> >
> > Now, all things considered, can I get the maintainer status back?
> >
> >
> > Best,
> > Manhong
> > Sent from phone
> <snip all previous>
>
> And stop top posting.
> https://wiki.archlinux.org/index.php/Code_of_conduct#Top_posting
>

