On Tue, 2026-06-16 at 23:43 +0200, Jonathan Grotelüschen wrote: > https://gitlab.archlinux.org/archlinux/aurweb/-/work_items/558
Hi, originally, I didn't want to get further involved in the discussions. I just wanted to give a thumbs-up, which is what I did. But now, the many threads have turned into a competition to outdo each other with proposed measures. We've seen this in politics, whenever there's a current issue, politicians outdo each other in the media with ideas of packages of measures, even though they’ve never cared about this topic before, and then people are surprised that bureaucracy isn't being reduced but rather inflated, without anything changing regarding the actual problem. The real problem started, after all, with the fact that people didn’t know how to report a problematic package. https://aur.archlinux.org/packages/xfce4-datetime-plugin#comment-1071094 Another user submitted an orphan request, which is what I did with other packages, since I can't contribute to the AUR general mailing list. Now that we know about these kinds of attacks, let's first try to see what it's like to be able to report an infected package easily, without any delays caused by having to ask what to do. If users can report an attack quickly and easily, and if maintainers can respond more quickly, for example, by temporarily suspending new registrations, then perhaps no further action is needed regarding this type of attack. Regards, Ralf
