Re: [aur-general] "Report malicious package" feature

2009-06-27 Thread hollunder
On Fri, 26 Jun 2009 10:30:06 -0400
Andrei Thorp wrote:

> Excerpts from hollunder's message of Fri Jun 26 10:25:57 -0400 2009:
> > Now you've heard of such a thing ;)
> 
> Now we've heard of some FUD and nothing confirmed :P
> 

well, search this list for 'rubberband' to find my original mail.
Sure maybe someone was just stupid, I didn't check.


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Ray Rashif
If you want a button for rare cases; then
  if case is rare; then
just send e-mail to aur-general; since
  it is a rare case; so
you don't need a button


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Andrei Thorp
Excerpts from Laurie Clark-Michalek's message of Fri Jun 26 11:01:47 -0400 2009:
> Maybe it would be good to have a Report Dangerous Package button,
> instead of a report malicious package button? Otherwise we could be
> accusing people of being malicious when all they are is a bit silly.

Again, nah:
 - Rare case
 - Clutters the AUR interface
 - The "Report Dangerous Package" button is the send e-mail to
   AUR-General button.
-- 
Andrei Thorp, Developer: Xandros Corp. (http://www.xandros.com)


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Laurie Clark-Michalek
Maybe it would be good to have a Report Dangerous Package button,
instead of a report malicious package button? Otherwise we could be
accusing people of being malicious when all they are is a bit silly.

2009/6/26 Roberto Alsina:
> On Friday 26 June 2009 11:47:01 Andrei Thorp wrote:
>> Excerpts from Roberto Alsina's message of Fri Jun 26 10:31:35 -0400 2009:
>> > On Friday 26 June 2009 11:30:06 Andrei Thorp wrote:
>> > > Excerpts from hollunder's message of Fri Jun 26 10:25:57 -0400 2009:
>> > > > Now you've heard of such a thing ;)
>> > >
>> > > Now we've heard of some FUD and nothing confirmed :P
>> >
>> > A Qt IDE (I think it was monkeystudio?) once deleted my /home by accident
>> > (because it was a symlink).
>> >
>> > Scariest 10 minutes ever in my computer.
>>
>> Okay, yeah, I agree -- now that's scary.
>
> Luckily it only deleted the symlink, not the data.
>
> --
>  ("\''/").__..-''"`-. .         Roberto Alsina
>  `9_ 9  )   `-. (    ).`-._.`)  KDE Developer (MFCH)
>  (_Y_.)' ._   ) `._`.  " -.-'  http://lateral.netmanagers.com.ar
>  _..`-'_..-_/ /-'_.'     The 6,855th most popular site of Slovenia
> (l)-'' ((i).' ((!.'       according to alexa.com (27/5/2007)
> "Our opponent is an alien starship packed with atomic bombs, I said.
> We have a protractor. Okay, I’ll go home and see if I can scrounge up a
> ruler and a piece of string."  — Neal Stephenson
>


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Roberto Alsina
On Friday 26 June 2009 11:47:01 Andrei Thorp wrote:
> Excerpts from Roberto Alsina's message of Fri Jun 26 10:31:35 -0400 2009:
> > On Friday 26 June 2009 11:30:06 Andrei Thorp wrote:
> > > Excerpts from hollunder's message of Fri Jun 26 10:25:57 -0400 2009:
> > > > Now you've heard of such a thing ;)
> > >
> > > Now we've heard of some FUD and nothing confirmed :P
> >
> > A Qt IDE (I think it was monkeystudio?) once deleted my /home by accident
> > (because it was a symlink).
> >
> > Scariest 10 minutes ever in my computer.
>
> Okay, yeah, I agree -- now that's scary.

Luckily it only deleted the symlink, not the data.

-- 
 ("\''/").__..-''"`-. . Roberto Alsina
 `9_ 9  )   `-. ().`-._.`)  KDE Developer (MFCH)
 (_Y_.)' ._   ) `._`.  " -.-'  http://lateral.netmanagers.com.ar 
  _..`-'_..-_/ /-'_.' The 6,855th most popular site of Slovenia   
(l)-'' ((i).' ((!.'   according to alexa.com (27/5/2007) 
"Our opponent is an alien starship packed with atomic bombs, I said. 
We have a protractor. Okay, I’ll go home and see if I can scrounge up a 
ruler and a piece of string."  — Neal Stephenson


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Andrei Thorp
Excerpts from Roberto Alsina's message of Fri Jun 26 10:31:35 -0400 2009:
> On Friday 26 June 2009 11:30:06 Andrei Thorp wrote:
> > Excerpts from hollunder's message of Fri Jun 26 10:25:57 -0400 2009:
> > > Now you've heard of such a thing ;)
> >
> > Now we've heard of some FUD and nothing confirmed :P
> 
> A Qt IDE (I think it was monkeystudio?) once deleted my /home by accident 
> (because it was a symlink).
> 
> Scariest 10 minutes ever in my computer.

Okay, yeah, I agree -- now that's scary.
-- 
Andrei Thorp, Developer: Xandros Corp. (http://www.xandros.com)


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Roberto Alsina
On Friday 26 June 2009 11:30:06 Andrei Thorp wrote:
> Excerpts from hollunder's message of Fri Jun 26 10:25:57 -0400 2009:
> > Now you've heard of such a thing ;)
>
> Now we've heard of some FUD and nothing confirmed :P

A Qt IDE (I think it was monkeystudio?) once deleted my /home by accident 
(because it was a symlink).

Scariest 10 minutes ever in my computer.

-- 
 ("\''/").__..-''"`-. . Roberto Alsina
 `9_ 9  )   `-. ().`-._.`)  KDE Developer (MFCH)
 (_Y_.)' ._   ) `._`.  " -.-'  http://lateral.netmanagers.com.ar 
  _..`-'_..-_/ /-'_.' The 6,855th most popular site of Slovenia   
(l)-'' ((i).' ((!.'   according to alexa.com (27/5/2007) 
"Our opponent is an alien starship packed with atomic bombs, I said. 
We have a protractor. Okay, I’ll go home and see if I can scrounge up a 
ruler and a piece of string."  — Neal Stephenson


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Andrei Thorp
Excerpts from hollunder's message of Fri Jun 26 10:25:57 -0400 2009:
> Now you've heard of such a thing ;)

Now we've heard of some FUD and nothing confirmed :P

-- 
Andrei Thorp, Developer: Xandros Corp. (http://www.xandros.com)


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread hollunder
On Fri, 26 Jun 2009 08:41:49 -0400
Daenyth Blank wrote:

> On Thu, Jun 25, 2009 at 23:05, Xyne wrote:
> >> Principally you are right, but pressing a button "report malicious
> >> package" could or should send an e-mail to this mailing list or to
> >> every TU automatically. This would be the easiest way for the
> >> users.
> >
> > That could lead to spam. A better system would be similar to the
> > out-of-date system that we currently have, with some changes. You
> > press the "report malicious package" button, submit a reason, and
> > then a message gets automatically posted to the list. At the same
> > time, it also displays on the AUR page and flagged packages can be
> > filtered in the search the same way out-of-date packages can. The
> > reporter would also be mentioned in the list (to prevent people
> > from anonymously flagging packages without reason).
> >
> >
> I'm not sure if I'll be agreed with here, but I think the whole idea
> of this feature is not needed. The AUR has been up for how many years,
> and I haven't even *heard* of a malicious package. I don't think we
> should add features (and spend effort coding, and make the interface
> *more* cluttered) unless there is a need for the feature.

Well, I found a possible malicious package but didn't investigate
further, simply requested deletion/orphanage and re-did it if I remember
correctly.

The issue there was that the source was downloaded not from the
official page but somewhere else and at least re-compressed with a
different method. At least compressed it was bigger than the original
source but I didn't compare the content.

No idea if it really was an attempt at doing something bad or simply
something else, but it was suspicious at least.

Now you've heard of such a thing ;)
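
An added example, not part of the thread or of any AUR tooling: comparing the content of a re-compressed source archive against the upstream one, the step the message above says was not done. The archive names and file contents are constructed sample data, and the helper names are hypothetical.

```python
import hashlib
import io
import tarfile


def manifest(blob):
    """Map each member path to a content fingerprint, ignoring compression."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for m in tar:
            if m.isfile():
                out[m.name] = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            elif m.issym() or m.islnk():
                out[m.name] = "link->" + m.linkname
            else:
                out[m.name] = "type:" + m.type.decode()
    return out


def compare(upstream_blob, mirror_blob):
    """Return (added, removed, changed) member paths of mirror vs upstream."""
    up, mir = manifest(upstream_blob), manifest(mirror_blob)
    added = sorted(set(mir) - set(up))
    removed = sorted(set(up) - set(mir))
    changed = sorted(n for n in set(up) & set(mir) if up[n] != mir[n])
    return added, removed, changed


def build(files, mode):
    """Constructed sample input: pack {path: bytes} into an in-memory tarball."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=mode) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed data; the names and contents are hypothetical.
SRC = {"pkg-1.0/configure": b"#!/bin/sh\necho ok\n",
       "pkg-1.0/main.c": b"int main(void){return 0;}\n"}
UPSTREAM = build(SRC, "w:gz")
REPACKED = build(SRC, "w:bz2")  # same content, different compression
TAMPERED = build({**SRC, "pkg-1.0/configure": b"#!/bin/sh\necho changed\n",
                  "pkg-1.0/extra.sh": b"echo extra\n"}, "w:bz2")

if __name__ == "__main__":
    print(compare(UPSTREAM, REPACKED))   # re-compression alone shows no difference
    print(compare(UPSTREAM, TAMPERED))   # content changes are listed by path
```

A different archive size or checksum only shows that the bytes differ; the per-member comparison shows whether the files inside do.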


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Andrei Thorp
It'll be a sad day in open source when Linux gets popular enough such
that there are dicks who go around poisoning packages... a serious
concern, but one for another day (thank God).

Don't you hate how the worst elements in society govern so much of how
we behave? Every door is locked, every window is barred, emails signed,
police patrols...

So unfortunate that the few cost so much.

*Sigh*

Anyway! Thankfully that hasn't happened to our nice little universe yet
:D
-- 
Andrei Thorp, Developer: Xandros Corp. (http://www.xandros.com)


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Ray Rashif
There used to be a system whereby TUs would mark a package safe. If that was
scrapped, then this is no better.


Re: [aur-general] "Report malicious package" feature

2009-06-26 Thread Daenyth Blank
On Thu, Jun 25, 2009 at 23:05, Xyne wrote:
>> Principally you are right, but pressing a button "report malicious
>> package" could or should send an e-mail to this mailing list or to every
>> TU automatically. This would be the easiest way for the users.
>
> That could lead to spam. A better system would be similar to the
> out-of-date system that we currently have, with some changes. You press
> the "report malicious package" button, submit a reason, and then a
> message gets automatically posted to the list. At the same time, it
> also displays on the AUR page and flagged packages can be filtered in
> the search the same way out-of-date packages can. The reporter would
> also be mentioned in the list (to prevent people from anonymously
> flagging packages without reason).
>
>
I'm not sure if I'll be agreed with here, but I think the whole idea
of this feature is not needed. The AUR has been up for how many years,
and I haven't even *heard* of a malicious package. I don't think we
should add features (and spend effort coding, and make the interface
*more* cluttered) unless there is a need for the feature.