> A new AUR maintainer could ask on the mailing list for some people to vouch 
> for them, and provide an email address for correspondence.
> Once a certain number of existing AUR maintainers have vouched for the new 
> user, they get write access, or maybe they get write access straight away and 
> their packages are just hidden until the community has gained enough trust in 
> that maintainer to un-hide the packages for general consumption.

I see one issue here. Couldn't bot accounts vouch for each other? You
could have a chain of vouching that wouldn't involve human maintainers
at all. I think trust must be earned, not given.

Sam

Reply via email to