On Tue, 9 Nov 2021 at 11:11, Kevin Morris via aur-general <[email protected]> wrote: > I'd be up for programmatically making it impossible for any user > (user or TU) to accept their own requests. > > However, that does bring some complications into play in regards > to deleting packages. > > Currently, on the /packages search page (for a TU), it is possible > to delete packages without a request. In the new FastAPI > implementation of aurweb, we have countered this accountability issue > by auto-generating requests for the action performed. That being said, > removing the ability for TUs to accept their own requests would also > mean that TUs would not really be allowed to blanket delete packages > on their own without a request; furthermore, they couldn't create > a request themselves and go through the path. > > So... the behavior would have to be changes to only allow blanket > deletions on packages which already have a request from _another_ > user. > > This decision is really up to the Trusted User community of the AUR; > not its developers. Some return feedback on this topic would be greatly > appreciated. It would, without a doubt, remove some of Trusted User's > freedoms. But it would also force sort of community-shared > accountability, which may be a good thing. > > What do you all think?
Deleting obvious spam packages shouldn't require two people. Furthermore, I don't think requiring a unverified member of the public + a TU is much of a higher bar, aside from making spam removal more difficult.
