As i see, recently theres very much malicioud packages, that i decided to stop updating my aur packages. We could put aur read only, so we can remove all malware and figure solutions before new one arrives.

It seems like only orphaned packages are affected. We could pause
adoption or introduce a "human-in-the-loop" approach, though making the
entire AUR read-only is too harsh and would affect legitimate packages
and established maintainers.

I am in favor of the human-in-the-loop approach, where contributors can
push a commit to an orphaned package, but that commit is not reflected
for anyone else—and the package is not officially adopted—until
moderators approve the commit and the adoption.

1F616EMO

Attachment: OpenPGP_0xE1B66C824F094548.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to