[aur-general] Reply to your request SGE

Doug Newgard scimmia at archlinux.org
Tue Oct 13 02:10:48 UTC 2020


On Mon, 12 Oct 2020 20:30:11 -0400
Manhong Dai via aur-general <aur-general at archlinux.org> wrote:

> Thanks a lot for your reply! I commented on the package hoping the new
> maintainer can return the maintainer  to me.
> 
> But I am willing to answer your question.
> 
> A pull request needs a lot of effort to check. The pull request changed a
> lot of files and it is not that easy to see if the change is not malicious.
> That being said, now do you understand that why I would trust a 'trusted
> user' more? After all, 'trusted user' was named so for a reason, right?
> 
> If changing package status to 'out of state ' doesn't send any
> notification, it is SCARY. Not everybody can  check out the aur email list
> everyday and we all work on there packages for free.  Why it is scary? What
> if a malicious user submit a ticket like this and the become the maintainer
> for a package that is not popular but could access sensitive data, like SGE?
> 
> Think about it, the disowning already sends notification, why doesn't the
> warning 'out of state' send the email?
> 
> On another note, maybe the AUR package should be named like github does.
> Adding the user name to the path will save such headache for both you and
> me......
> 
> 
> Best,
> Manhong
> Sent from phone

You didn't read a single word I wrote. Don't bother replying if you can't read.


More information about the aur-general mailing list