On Mon, 12 Oct 2020 20:30:11 -0400 Manhong Dai via aur-general <aur-general@archlinux.org> wrote:
> Thanks a lot for your reply! I commented on the package hoping the new > maintainer can return the maintainer to me. > > But I am willing to answer your question. > > A pull request needs a lot of effort to check. The pull request changed a > lot of files and it is not that easy to see if the change is not malicious. > That being said, now do you understand that why I would trust a 'trusted > user' more? After all, 'trusted user' was named so for a reason, right? > > If changing package status to 'out of state ' doesn't send any > notification, it is SCARY. Not everybody can check out the aur email list > everyday and we all work on there packages for free. Why it is scary? What > if a malicious user submit a ticket like this and the become the maintainer > for a package that is not popular but could access sensitive data, like SGE? > > Think about it, the disowning already sends notification, why doesn't the > warning 'out of state' send the email? > > On another note, maybe the AUR package should be named like github does. > Adding the user name to the path will save such headache for both you and > me...... > > > Best, > Manhong > Sent from phone You didn't read a single word I wrote. Don't bother replying if you can't read.