Simo Leone wrote:
On Sat, Oct 15, 2005 at 04:33:32PM +1000, James Rayner wrote:

I hope I'm not stepping on Judd's toes by answering, but the chances are
roughly zero. You are aware, of course, that all packages in the
directory you parse over are never deleted, so you could be scraping up
something that a TU had deleted because it was malicious, or that may
have been moved to [community], or elsewhere.


I'd expect people would check community and the repos before using the script.

But the fact that a malicious PKGBUILD isn't removed from the
server.....? Why not?


Well, deleting it removes it from the AUR's database, but does not
actually remove the file. At this point, I'm not entirely sure why we
never wrote the code for deleting the files, but I'm pretty sure
security combined with pushing the AUR into production use had something
to do with it.

_Eventually_, some sort of interface for third party apps will be built,
such as xmlrpc, soap, or something of that nature, but it's a bit far
off for the time being.

Take note Mr. Roberts!


-S


------------------------------------------------------------------------

_______________________________________________
arch mailing list
[email protected]
http://www.archlinux.org/mailman/listinfo/arch

