At the end of the day, before we can decide on a solution, we need to
determine how much convenience and freedom the community is willing to give
up in exchange for better security.

As far I can tell, the general consensus is not much, but maybe something
like a community poll could help guide the decisions on where to go?

On Wed, Jun 17, 2026, 11:25 a.m. Jay Paul <[email protected]> wrote:

> Respectfully, I don’t think anything needs to be changed on the AUR. I’ve
> adopted packages only because it was easy.
>
> If I had needed to jump through hoops to do so, then I certainly would
> have left it for someone else.
>
> On Wed, Jun 17, 2026 at 12:46 PM Frank W. <[email protected]> wrote:
>
>> In my opinion having external account linking, although somewhat useful
>> to combat this, would be absolutely horrible. Not to mention the fact
>> that not everyone is registered or has any kind of interest in having an
>> account on such services.
>>
>> On 6/17/26 13:20, Braeden Theriault wrote:
>> > Why not add an account link requirement for package adoption? Say
>> > linking a Google, proton, or GitHub account as those are atleast a
>> > little more difficult to script into existence.
>> > For most people who have atleast one other account it wouldn't be an
>> > issue, but a script or attacker would have to create said accounts at
>> > the same time as the arch accounts.
>> > A side effect would be slowing down the rate a human attacker could
>> > create new accounts aswell.
>>
>

Reply via email to