> On each users AUR dashboard and a "Review Queue" that holds the
> manual-intervention packages. If a user has an adequate score, (1,2,3?)
> year(s) plus with AUR, then the user should be able to Approve/Deny the
> commit.

This merely pushes the issue of trust down the line a couple years.
 
> You should add a "rep" for each AUR user. For each review the user
> should gain, e.g. +1 for the effort. Any review failure should cost,
> e.g. -50 and result in account suspension for X? days.
 
Seems a bit extreme. What is a review failure? Just, like, a bad commit that 
kind of sucks? I don't think they need -50 rep and a suspension. Is the commit 
malicious? That warrants a permanent ban. It just doesn't fit with this 
concept. I've certainly made mistakes on AUR commits before.

> Something like that can create a pool of talent and provide incentive
> (and penalty) for AUR members that participate.

It could also irritate contributors to the point of many more packages becoming 
orphaned and never picked up.

> It worked for StackOverflow, something similar could work here. But,
> yes, something needs to be done. Enough hand-wringing, let's put some
> guardrails in place.
> 
> --
> David C. Rankin, J.D.,P.E.
> 

I absolutely believe we need some guardrails, but due to specific concerns, 
this system you've suggested needs some serious rethinking before 
implementation.

Reply via email to