On Fri, 26 Jun 2009 00:52:46 +0200 Xyne <[email protected]> wrote: > On Thu, 25 Jun 2009 19:27:43 +0000 > Laurie Clark-Michalek <[email protected]> wrote: > > > 2009/6/25 Xyne <[email protected]>: > > >> The maintainer of a package should be able to delete comments as > > >> this would make some of the more popular packages' comments > > >> easier to clean up. Instead of a trusted user needing to do > > >> this, the owner of the package could be allowed to delete any > > >> comments older that a week. That's a policy decision, but I hope > > >> we will have some way of deleting comments that refer to bugs > > >> that have been fixed. > > > > > > This would prevent users from being able to flag malicious > > > packages. If this were implemented, I would like to see a "report > > > malicious package" link or something else. As Arch continues to > > > grow we will end up with malicious users and I would prefer to be > > > prepared to handle these when the time comes. > > > > > > > That's why I said "delete any comments older that a week". From > > what I have seen, almost all packages are checked, and I can't > > imagine that anyone who found a malicious package wouldn't report > > it, if not here, to the forums. In either case, it would be > > discovered, as I doubt that if the issue has not been brought to > > the attention of the community in the week after discovery then I > > doubt it will be in any sensible timescale. > > Sorry, I missed the "older than a week" part. That should be more than > enough time for the package to have been reported and deleted. Ignore > my previous reply.
IMHO malicious packages should be reported to the list anyway to be removed ASAP. A comment alone wouldn't do it anyway. Regards, Philipp
