What is the process by which some packages are allowed to be part of the community repo, while others are relegated to the AUR?
I was looking at the update list today and noticed the package profanity in the community repository. I'm a big fan of curses-based UI, so I took a look at the project. In the help out section, it is stated that "The original author knew next to nothing about coding real applications in C, XMPP, or building and installing software on Linux when starting the project". Cute.
Looking at the project's GitHub issue list, I then see a reported buffer overflow - likely caused by the uninhibited use of strcpy throughout.
My point here is: if a newbie project begging for a remote code exploit can make it into the community repo, why is something like mscgen in the AUR? Who vets these things?
I apologize for the ranty-ness of this post.
Last edited by rdahlgren (2014-03-17 22:40:03)
What is the process by which some packages are allowed to be part of the community repo, while others are relegated to the AUR?
Nothing is relegated. Rather, if a TU wants to maintain it, then they'll move it into [community].
Who vets these things?
The TU that maintains it, hopefully.
I apologize for the ranty-ness of this post.
Yeah, avoid ranting; it's rather frowned upon on this BBS.
All the best,
-HG
Your exact question is in the wiki: https://wiki.archlinux.org/index.php/AU … mmunity.3F
Ah, so it is! Thanks for the wiki link.
Please remember to mark your thread title with [Solved] at the beginning if your question was answered.
All the best,
-HG
Last edited by HalosGhost (2014-03-17 21:19:02)