> A new AUR maintainer could ask on the mailing list for some people to vouch > for them, and provide an email address for correspondence. > Once a certain number of existing AUR maintainers have vouched for the new > user, they get write access, or maybe they get write access straight away and > their packages are just hidden until the community has gained enough trust in > that maintainer to un-hide the packages for general consumption.
I see one issue here. Couldn't bot accounts vouch for each other? You could have a chain of vouching that wouldn't involve human maintainers at all. I think trust must be earned, not given. Sam
