Issue tracker moved to https://gitlab.archlinux.org/archlinux/aurweb/-/issues
FS#3264 - [permissions] TUs able to overwrite anything in unsupported
Attached to Project:
AUR web interface
Opened by Simo Leone (neotuli) - Sunday, 02 October 2005, 15:17 GMT
Opened by Simo Leone (neotuli) - Sunday, 02 October 2005, 15:17 GMT
|
DetailsYea, our permissions mask wasn't ideal to begin with.
|
This task depends upon
Closed by Simo Leone (neotuli)
Tuesday, 30 May 2006, 00:57 GMT
Reason for closing: None
Additional comments about closing: this is old, it hasnt been changed, i dont think it's about to be.
Tuesday, 30 May 2006, 00:57 GMT
Reason for closing: None
Additional comments about closing: this is old, it hasnt been changed, i dont think it's about to be.
Comment by Simo Leone (neotuli) -
Sunday, 02 October 2005, 15:19 GMT
On second thought, TUs are already able to take over any package, so perhaps it's better if it needs to be adopted first. DEVs..on the other hand...occasionally have the need to mess with the package (deal with bug reports..and so on) and so should have this power.
Comment by Jaroslaw Swierczynski (swiergot) -
Tuesday, 01 November 2005, 12:13 GMT
Nevertheless I'd like to be able to update any package without adopting it. Take the chmlib package as an example. It's outdated and vulnerable. I don't know why its maintainer doesn't update it so I don't want to take the package away from him but the package needs to be updated.
Comment by Simo Leone (neotuli) -
Tuesday, 01 November 2005, 13:12 GMT
hmmm, well I just dont like the lack of accountability that leaves. Since the AUR doesn't do much in the way of history. Somehow I think it'd be better that in cases like that (probably abandoned package) that it just be orphaned or taken anyway. But on the other hand, it's a major benefit for TUs to be able to just overwrite stuff, and they may just as well delete stuff, so perhaps we should allow it anyway.