Please refer to http://bugs.archlinux.org/index.php?do=details&id=2643 to see what this is all about.
I agree with Paul's suggestion that this should be discussed by as many people and as openly as possible, therefore I'm opening this up for discussion on both of Arch's major mailing lists. The issue here is, essentially, whether or not (or to what extent) there should be cvsup access (right along with abs) to the unsupported portion of the AUR. This, among other things, opens up the possibility for a user to relatively easily compile and install packages from the AUR using srcpac. The major issues at play here are that srcpac -S must be run as root, so a malicious PKGBUILD on the AUR could wipe out someone's system. However, the ability to use srcpac on AUR packages brings a bsd ports-like easiness to the currently mildly complicated process of building a package from the AUR. Security vs. Easy-Of-Use is pretty much what it boils down to. Well, let's hear it! -Simo
signature.asc
Description: This is a digitally signed message part
_______________________________________________ arch mailing list arch@archlinux.org http://www.archlinux.org/mailman/listinfo/arch
