On 01/10/15 10:38, Alexandre Detiste wrote: > This kind of job looks like what the Arch user have to do with to > update their AUR packages, > with a bit more of churn. > > https://aur.archlinux.org/cgit/aur.git/commit/PKGBUILD?h=yamagi-quake2-xatrix&id=75ca437c4bd9baf8f8e756f75d11f14c65033d88
Yes. It's the same principle: "someone trusted by the project needs to confirm that the new version is not malicious or broken". S