All the best,
-HG
What is the process by which some packages are allowed to be part of the community repo, while others are relegated to the AUR?
Nothing is relegated. Rather, if a TU wants to maintain it, then they'll move it into [community].
Who vets these things?
The TU that maintains it, hopefully.
I apologize for the ranty-ness of this post.
Yeah, avoid ranting; it's rather frowned upon on this BBS.
All the best,
-HG
I was looking at the update list today and noticed the package profanity in the community repository. I'm a big fan of curses-based UI, so I took a look at the project. In the help out section, it is stated that "The original author knew next to nothing about coding real applications in C, XMPP, or building and installing software on Linux when starting the project". Cute.
Looking at the project's GitHub issue list, I then see a reported buffer overflow - likely caused by the uninhibited use of strcpy throughout.
My point here is: if a newbie project begging for a remote code exploit can make it into the community repo, why is something like mscgen in the AUR? Who vets these things?
I apologize for the ranty-ness of this post.