[aur-general] Reply to your request SGE
Doug Newgard
scimmia at archlinux.org
Tue Oct 13 02:10:48 UTC 2020
On Mon, 12 Oct 2020 20:30:11 -0400
Manhong Dai via aur-general <aur-general at archlinux.org> wrote:
> Thanks a lot for your reply! I commented on the package hoping the new
> maintainer can return the maintainer to me.
>
> But I am willing to answer your question.
>
> A pull request needs a lot of effort to check. The pull request changed a
> lot of files and it is not that easy to see if the change is not malicious.
> That being said, now do you understand that why I would trust a 'trusted
> user' more? After all, 'trusted user' was named so for a reason, right?
>
> If changing package status to 'out of state ' doesn't send any
> notification, it is SCARY. Not everybody can check out the aur email list
> everyday and we all work on there packages for free. Why it is scary? What
> if a malicious user submit a ticket like this and the become the maintainer
> for a package that is not popular but could access sensitive data, like SGE?
>
> Think about it, the disowning already sends notification, why doesn't the
> warning 'out of state' send the email?
>
> On another note, maybe the AUR package should be named like github does.
> Adding the user name to the path will save such headache for both you and
> me......
>
>
> Best,
> Manhong
> Sent from phone
You didn't read a single word I wrote. Don't bother replying if you can't read.
More information about the aur-general
mailing list