Hi Tom,

> Do we know who added the bad commit?

The bad commit was added by a throwaway account named `larsisaksen`.
We do not know who is behind this.

> Do they still have access?

No, I have deleted the commit and suspended the account indefinitely.

Note that larsisaksen is still listed as the maintainer; this is a little confusing but ultimately harmless. (I deliberately didn’t orphan the PKGBUILD so that nobody can regain commit access unless they file an orphan request.)

> Is there anything I can do to help prevent this from happening again?

One thing you can do is take control over this particular PKGBUILD by filing an orphan request and adopting the package once the request is granted. Then maintain the PKGBUILD regularly to prevent it from getting orphaned again. As the upstream project maintainer, you’re a natural fit for maintaining this.


Regards
Claudia (Auerhuhn)

Attachment: OpenPGP_0xD11E9FC4F7C9DA3C.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
