On Fri, 12 Feb 2016 23:11:13 +0100, William Di Luigi wrote:
>On Fri, Feb 12, 2016 at 10:37 PM, P. A. López-Valencia
><[email protected]> wrote:
>> I do the same as well. Don't try to make the argument that "as the
>> arsehole has more packages, he deserves to be in charge".
>
>Nice strawman you got there.
>
>For the record (if you actually misread me and aren't really trying to
>mislead), I never said that, nor do I believe that.

Fortunately this user seems to maintain 500+ packages fewer, assuming the 600+ wasn't a typo:

https://lists.archlinux.org/pipermail/aur-general/2016-February/032004.html
https://lists.archlinux.org/pipermail/aur-general/2016-February/032006.html

Assuming a maintainer should maintain more than 500 packages, a moderator/admin should automatically get informed, who then randomly checks a few packages, e.g. whether the source code comes from an upstream server or from a suspect mirror. This should be done not to ensure that the PKGBUILDs are 100% secure, but just to ensure that it really is a single maintainer and not a suspect organisation providing packages.
