FS#2797 - Ability to mark packages as low quality or dangerous

Attached to Project: AUR web interface
Opened by Dusty Phillips (Dusty) - Saturday, 04 June 2005, 19:01 GMT
Last edited by Simo Leone (neotuli) - Saturday, 11 June 2005, 04:53 GMT
Task Type: Bug Report
Category: Backend
Status: Closed
Assigned To: Simo Leone (neotuli)
Architecture: All
Severity: Low
Priority: Normal
Reported Version: 1.0.3
Due in Version: 1.1.1
Due Date: Undecided
Percent Complete: 0%
Votes: 0
Private: No

Details

There should be a mechanism to flag an 'unsupported' PKGBUILD as dangerous. The comment mechanism does allow us to make suggestions about packages, but if a package is accidentally or maliciously added that is going to harm a system, the ability to flag the package so it shows up as such should be visible in the search table (i.e., another color?). It should also be possible to search for such packages so they can be fixed (in the case of accidents) or removed (malicious intent).

See discussion here:
http://bbs.archlinux.org/viewtopic.php?t=12745

Dusty

Closed by Simo Leone (neotuli)
Monday, 27 June 2005, 19:22 GMT
Reason for closing: Won't implement
Additional comments about closing: Alternate mechanism. All packages marked unchecked by default, TUs check and it can be marked clean. Will open another item for this.
Comment by Simo Leone (neotuli) - Monday, 06 June 2005, 20:28 GMT
Ask a friendly TU to delete all dangerous (malicious) packages. They have the power to do so. Email one or the entire list.

If a package is uploaded accidentally, the maintainer should be able to delete it and/or overwrite it. Please note, however, that you web-scrapers out there will still get the package, since currently the data still stays but it just gets taken out of the AUR's database.

I'm not sure whether it is a good idea to open up the ability for anyone to mark things "dangerous"; it opens up the door for crap like "gee.. no one likes ____, let's mark all of his packages dangerous". Now, I know that we're all nice people and all that rot, but I did at one time participate more on the forums, and I avoid them at all costs now. I don't want to do things that are going to make the AUR require moderation some day.

IMHO, we don't implement a dangerous flag, but add a suggestion somewhere that dangerous packages should be reported to the TU mailing list immediately. They will get handled there. We might even make a button on package pages for doing just that. Maybe with a comments form and all, so that the messages have a uniform format and the person marking them dangerous has to be identified, maybe even IP included in the mail (this way you really have to be serious). (The current flags leave no trace of who marked it.)
If we automated that email, I say it gets implemented right alongside all the other emailing stuff we've got coming (somewhere).
Comment by Dusty Phillips (Dusty) - Tuesday, 07 June 2005, 02:53 GMT
Yes, a button to contact tur-users someplace in AUR would probably be enough. There seems to be missing communication here somewhere...

All the trusted 'users' are supposedly members of the community, yet most of them, like you, have gotten sick of the forums (which are a lot better, BTW). Perhaps a new batch of TUs that tend to visit the forums are needed to act as a sort of liaison...

Dusty
Comment by Simo Leone (neotuli) - Tuesday, 07 June 2005, 03:20 GMT
Ok well then I'll try to get that done right along with all the other emailing stuff that is supposed to be or is planned to be. I haven't any idea of when I'll get my butt moving on this.

I need to make an abstract interface for sending emails, so that we could use it in multiple places without code replication.
The other thing I want to ensure is that emails like these (notify dangerous) are sent immediately on page load, as in, the next confirmation page won't load without it, while those sent due to comment additions can be delayed, since there may potentially be a lot of them.

I'm going to check out how phpbb does it.
Comment by Paul Mattal (paul) - Friday, 10 June 2005, 11:29 GMT
This is a very good idea. It could work like the out of date flag, where it's toggle-able. Then a user can log in and see what's going on.

It doesn't seem like it should be so hard, because it would act just like the out of date flag.
Comment by Simo Leone (neotuli) - Friday, 10 June 2005, 15:22 GMT
I still like the email button better. I mean, if you really do find a dangerous package, it might be better to let the people who have the power to do something about it know, rather than passively marking it bad and hoping people realize it.
Comment by Paul Mattal (paul) - Friday, 10 June 2005, 16:52 GMT
Good point. I guess new comment notification would then take care of people submitting comments about properties of a package. The maintainer can sign up for comment notification and get notice when someone posts a comment about their package, pointing out a bug or potential issue that isn't serious enough to mail the TUs about.
Comment by Simo Leone (neotuli) - Saturday, 11 June 2005, 04:52 GMT
So are we going to do this the email button way? or the color flag way?

Sounds like the email button. I'll hop to it tomorrow, and reassign this to me unless something else comes up.
Comment by Simo Leone (neotuli) - Monday, 27 June 2005, 19:21 GMT
After further discussion, we decided that it might be better to have TUs check over packages as they come in, then mark them clean, rather than unchecked. Therefore, I think we're going to hold off on this until we start implementing that, so we aren't creating features and removing them immediately.