[aur-general] Handling own requests (Was: [PRQ#29045] Deletion Request for hugo-bin)
Daurnimator
quae at daurnimator.com
Tue Nov 9 00:19:24 UTC 2021
On Tue, 9 Nov 2021 at 11:11, Kevin Morris via aur-general
<aur-general at lists.archlinux.org> wrote:
> I'd be up for programmatically making it impossible for any user
> (user or TU) to accept their own requests.
>
> However, that does bring some complications into play in regards
> to deleting packages.
>
> Currently, on the /packages search page (for a TU), it is possible
> to delete packages without a request. In the new FastAPI
> implementation of aurweb, we have countered this accountability issue
> by auto-generating requests for the action performed. That being said,
> removing the ability for TUs to accept their own requests would also
> mean that TUs would not really be allowed to blanket delete packages
> on their own without a request; furthermore, they couldn't create
> a request themselves and go through the path.
>
> So... the behavior would have to be changes to only allow blanket
> deletions on packages which already have a request from _another_
> user.
>
> This decision is really up to the Trusted User community of the AUR;
> not its developers. Some return feedback on this topic would be greatly
> appreciated. It would, without a doubt, remove some of Trusted User's
> freedoms. But it would also force sort of community-shared
> accountability, which may be a good thing.
>
> What do you all think?
Deleting obvious spam packages shouldn't require two people.
Furthermore, I don't think requiring a unverified member of the public
+ a TU is much of a higher bar, aside from making spam removal more
difficult.
More information about the aur-general
mailing list