On Sat, Oct 15, 2005 at 04:33:32PM +1000, James Rayner wrote: > > I hope I'm not stepping on Judd's toes by answering, but the chances are > > roughly zero. You are aware, of course, that all packages in the > > directory you parse over are never deleted, so you could be scraping up > > something that a TU had deleted because it was malicious, or that may > > have been moved to [community], or elsewhere. > > > > I'd expect people would check community and the repos before using the script. > > But the fact that a malicious PKGBUILD isnt removed from the > server.....? Why not?
Well deleting it removes it from the AUR's database, but does not actually remove the file. At this point, I'm not entirely sure why we never wrote the code for deleting the files, but I'm pretty sure security combined with pushing the AUR into production use had something to do with it. _Eventually_, some sort of interface for third party apps will be built, such as xmlrpc, soap, or something of that nature, but it's a bit far off for the time being. -S
pgpDWXwsOz4iM.pgp
Description: PGP signature
_______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
