#1 2024-06-04 11:33:34

Samega 7Cattac
Member
Registered: 2020-08-17
Posts: 21

How is pgadmin4-py package allowed in AUR in this state?

pgadmin4-py's PKGBUILD is just insane!
Executes a script that requires root (red flag) for postgresql configuration (that has nothing to do with pgadmin), that pgadmin doesn't require to work (forcing a heavy dependency for no reason).
Not to mention that those changes can be destructive if the user has a custom setup.
It can also cause an infinite loop.
And on top of that there's what @witcher said in the comments which is concerning.

No reply for almost half a year and not receiving updates.


#2 2024-06-04 19:18:01

Muflone
Package Maintainer (PM)
From: Italy
Registered: 2013-10-08
Posts: 110

Re: How is pgadmin4-py package allowed in AUR in this state?

Please file an orphan or a deletion request

This package has severe issues and cannot be kept in AUR in this state

Regarding your question, ALL the AUR packages are insecure and MUST be checked on each installation/upgrade. Anyone could kill, encrypt, delete or destroy your data, entirely, including external volumes

This is very clearly documented on the AUR page

Last edited by Muflone (2024-06-04 19:18:27)


#3 2024-06-05 11:47:15

Samega 7Cattac
Member
Registered: 2020-08-17
Posts: 21

Re: How is pgadmin4-py package allowed in AUR in this state?

I know, that's why I said it was a "red flag".
And sometimes happens bc of weird setup or configurations some ppl have.
For that ppl listen to the comment section.

Btw already submitted an orphan request. PgAdmin is a popular software so deletion request wouldn't be the correct call imo.
Thx for the reply.
