On Fri, 2016-02-12 at 23:46 +0100, Ralf Mardorf wrote:
> On Fri, 12 Feb 2016 23:11:13 +0100, William Di Luigi wrote:
> > On Fri, Feb 12, 2016 at 10:37 PM, P. A. López-Valencia
> > <[email protected]> wrote:
> > > I do the same as well. Don't try to make the argument that "as the
> > > arsehole has more packages, he deserves to be in charge".
> >
> > Nice strawman you got there.
> >
> > For the record (if you actually misread me and aren't really trying to
> > mislead), I never said that nor I believe that.
>
> Fortunately this user seems to maintain 500+ packages less, assumed the
> 600+ wasn't a typo:
>
> https://lists.archlinux.org/pipermail/aur-general/2016-February/032004.html
> https://lists.archlinux.org/pipermail/aur-general/2016-February/032006.html
>
> Assumed a maintainer should maintain more than 500 packages, a
> moderator/admin should automatically get informed, who then randomly
> checks a few packages, e.g. if the source code comes from an upstream
> server or from a suspect mirror. This should be done not to ensure that
> the PKGBUILDs are 100% secure, but just to ensure that it really is a
> single maintainer and not a suspect organisation providing packages.

OTOH a suspect organisation most likely would use several accounts and not just one account ;).
