> On each users AUR dashboard and a "Review Queue" that holds the > manual-intervention packages. If a user has an adequate score, (1,2,3?) > year(s) plus with AUR, then the user should be able to Approve/Deny the > commit.
This merely pushes the issue of trust down the line a couple years. > You should add a "rep" for each AUR user. For each review the user > should gain, e.g. +1 for the effort. Any review failure should cost, > e.g. -50 and result in account suspension for X? days. Seems a bit extreme. What is a review failure? Just, like, a bad commit that kind of sucks? I don't think they need -50 rep and a suspension. Is the commit malicious? That warrants a permanent ban. It just doesn't fit with this concept. I've certainly made mistakes on AUR commits before. > Something like that can create a pool of talent and provide incentive > (and penalty) for AUR members that participate. It could also irritate contributors to the point of many more packages becoming orphaned and never picked up. > It worked for StackOverflow, something similar could work here. But, > yes, something needs to be done. Enough hand-wringing, let's put some > guardrails in place. > > -- > David C. Rankin, J.D.,P.E. > I absolutely believe we need some guardrails, but due to specific concerns, this system you've suggested needs some serious rethinking before implementation.
