So even though you might trust someone, having a formal repo to force that person to make sure they've got it right before uploading it to the repo is what's guaranteeing you can trust them! See what I mean?
A good idea, though. Webs of trust are cool in general, and I could imagine using them somehow in AUR at some point. Coming up with a "quality score" for a package based on how many of your trusted people voted that it was well-written, for example.
- P
Simo Leone wrote:
Ok, I sat back and watched for a while, but perhaps I'll speak up now.
My 'ideal' solution to this issue is a complicated one, though I don't think it's all that hard to implement (maybe). I'm thinking about something along the lines of a trust model of some kind, where you have to add a certain user to a "trusted" list. When one goes to run srcpac (or whatever tool we might concoct to handle all this), it checks the maintainer of the package you're trying to get. If the maintainer is on your trusted list, it could build silently, while if the maintainer is not on the list, it stops, and tells you to go read the PKGBUILD. Once you have read through it (presumably) you could maybe pass in a certain command line option that suppresses the stop, or how about being able to make the trust list even package-specific?
I dunno, might be a messy or overly-complicated solution, let me know what you think.
-Simo
------------------------------------------------------------------------
_______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
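The trust-list check proposed in the quoted message, sketched as an added example (not part of the thread and not srcpac code). The list format, decide() and reviewed_sha256 are hypothetical; going beyond the proposal, the "I have read it" override is tied to the SHA-256 of the PKGBUILD that was read, so an edited PKGBUILD stops the build again.

```python
import hashlib

# Constructed trust list. "maintainer" trusts every package from that
# maintainer; "maintainer:package" trusts that one package only.
TRUST_LIST = """\
# my trusted maintainers (constructed sample)
alice
bob:foo-git
"""
SAMPLE_PKGBUILD = b"pkgname=foo-git\npkgver=1.0\nbuild() { make; }\n"  # constructed

def parse_trust_list(text):
    """Return (globally trusted maintainers, {(maintainer, package)})."""
    trusted_all, trusted_pkg = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        maintainer, sep, package = line.partition(":")
        if sep and package.strip():
            trusted_pkg.add((maintainer.strip(), package.strip()))
        elif not sep:
            trusted_all.add(maintainer.strip())
        # "name:" with no package is malformed: skip it, never widen trust
    return trusted_all, trusted_pkg

def decide(maintainer, package, pkgbuild, trust_text, reviewed_sha256=None):
    """Return "build" or "stop" for one package.

    maintainer must be the name the repository records for the upload,
    not a name written inside the PKGBUILD, which the uploader controls.
    reviewed_sha256 stands in for the command-line override: the hash of
    the PKGBUILD the user says they have read.
    """
    trusted_all, trusted_pkg = parse_trust_list(trust_text)
    if maintainer in trusted_all or (maintainer, package) in trusted_pkg:
        return "build"   # trusted: build silently
    digest = hashlib.sha256(pkgbuild).hexdigest()
    if reviewed_sha256 is not None and reviewed_sha256 == digest:
        return "build"   # untrusted, but this exact file was reviewed
    return "stop"        # untrusted and unreviewed: go read the PKGBUILD

if __name__ == "__main__":
    for who, pkg in [("alice", "bar"), ("bob", "foo-git"), ("bob", "bar")]:
        print(who, pkg, decide(who, pkg, SAMPLE_PKGBUILD, TRUST_LIST))
```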
