On 21-11-06 11:32, Brett Cornwall via aur-general wrote: > On 2021-11-06 16:05, B via aur-general wrote: > > grawlinson made a deletion request on this package after I updated it > > to v0.89.1, and they immediately approved their own request. The > > community package is flagged out-of-date and is at v0.88.1. > > > > First, this violates the AUR community guidelines that requests a user > > be contacted before a package is removed. Additionally, I find that > > they are making a request and then immediately approving their own > > request without any discussion to be concerning. > > Indeed, that's not something that should happen! Thanks for bringing this to > our attention.
It's been brought up before, and doing it via request & request action is preferable due to it providing an audit log. There are options to directly handle packages, but do not provide any audit log at all. > > I do not think you should be deleting AUR packages, unless they are > > malicious. If they are not being maintained, then you should be > > contacting the users before deleting them. Otherwise, there is no harm > > in having an AUR and trusted package, as many times they be actually > > be different or the trusted package is the one not actively getting > > updated. > > The AUR is not a democracy! There are standards and guidelines that clearly > state that hugo-bin was not an acceptable package in the AUR [1]. So while > the acceptance of their own request should not have happened, this package > should not have existed in the first place. > > Hope this helps. > > [1] > https://wiki.archlinux.org/title/AUR_submission_guidelines#Rules_of_submission What is the issue with handling one's own requests, specifcally? -- George Rawlinson
signature.asc
Description: PGP signature
