At the end of the day, before we can decide on a solution, we need to determine how much convenience and freedom the community is willing to give up in exchange for better security.
As far I can tell, the general consensus is not much, but maybe something like a community poll could help guide the decisions on where to go? On Wed, Jun 17, 2026, 11:25 a.m. Jay Paul <[email protected]> wrote: > Respectfully, I don’t think anything needs to be changed on the AUR. I’ve > adopted packages only because it was easy. > > If I had needed to jump through hoops to do so, then I certainly would > have left it for someone else. > > On Wed, Jun 17, 2026 at 12:46 PM Frank W. <[email protected]> wrote: > >> In my opinion having external account linking, although somewhat useful >> to combat this, would be absolutely horrible. Not to mention the fact >> that not everyone is registered or has any kind of interest in having an >> account on such services. >> >> On 6/17/26 13:20, Braeden Theriault wrote: >> > Why not add an account link requirement for package adoption? Say >> > linking a Google, proton, or GitHub account as those are atleast a >> > little more difficult to script into existence. >> > For most people who have atleast one other account it wouldn't be an >> > issue, but a script or attacker would have to create said accounts at >> > the same time as the arch accounts. >> > A side effect would be slowing down the rate a human attacker could >> > create new accounts aswell. >> >
