repo harden aur_pre

harden aur_pre_build

Open lilydjwg opened this issue 3 years ago • 28 comments

问题类型 / Type of issues

其它 / other

受影响的软件包 / Affected packages

[ ] freeradius-client ()
[x] fsharp () #2326
[ ] libpcl ()
[X] flipclock (@AlynxZhou)
[X] gnome-shell-extension-fixed-ime-list (@AlynxZhou)
[X] gnome-shell-extension-simple-net-speed (@AlynxZhou)
[X] gnome-shell-extension-sound-output-device-chooser (@AlynxZhou)
[X] gnome-terminal-middle-click-close-tab (@AlynxZhou)
[X] hikarujs (@AlynxZhou)
[X] openrgb (@AlynxZhou)
[X] showmethekey (@AlynxZhou)
[ ] besttrace (@attenuation)
[ ] gdb-multiarch (@attenuation)
[x] ~~flite1 (@a-wing)~~ #2254
[x] gebaar (@a-wing)
[x] gnome-shell-extension-dash-to-dock (@a-wing)
[x] hmcl (@a-wing)
[x] hunter (@a-wing)
[x] libsixel (@a-wing)
[x] mellowplayer (@a-wing)
[x] rebar3 (@a-wing)
[x] ~~ruby-arel (@a-wing)~~ #2256
[x] ~~ruby-bundler1 (@a-wing)~~ #2255
[x] ruby-coderay (@a-wing)
[x] cockroachdb-bin (@axionl)
[x] ffsend-bin (@axionl)
[x] gitkraken (@axionl)
[x] kubectl-bin (@axionl)
[x] netease-musicbox (@axionl)
[x] pkghist (@axionl)
[x] python-isounidecode (@axionl)
[x] python-pylyrics (@axionl)
[x] python-pysdl2 (@axionl)
[x] qownnotes (@axionl)
[x] teleport-bin (@axionl)
[x] trizen (@axionl)
[x] wasmer (@axionl)
[ ] alert-after (@bennyyip)
[ ] flow-pomodoro (@bennyyip)
[ ] i3status-rust-git (@bennyyip)
[ ] ghcup-hs-bin (@berberman)
[x] acestream-engine (@BruceZhang1993)
[x] authy (@BruceZhang1993)
[x] cocomusic (@BruceZhang1993)
[x] crow-translate (@BruceZhang1993)
[x] desktop-naotu (@BruceZhang1993)
[x] electron4-bin (@BruceZhang1993)
[x] electron8-bin (@BruceZhang1993)
[x] protontricks (@BruceZhang1993)
[x] python-m3u8 (@BruceZhang1993)
[x] python-vdf (@BruceZhang1993)
[x] systemd-kcm (@BruceZhang1993)
[x] android-studio (@cuihaoleo)
[x] birdtray (@cuihaoleo)
[x] slack-desktop (@cuihaoleo)
[x] tinc-pre (@cuihaoleo)
[x] yubico-piv-tool (@cuihaoleo)
[x] adobe-source-han-mono-fonts (@dctxmei)
[x] ariang-allinone (@dctxmei)
[x] betterlockscreen (@dctxmei)
[x] bibata-cursor-theme (@dctxmei)
[x] bigtime (@dctxmei)
[x] browsh (@dctxmei)
[x] bsnes (@dctxmei)
[x] cava (@dctxmei)
[x] chromedriver (@dctxmei)
[x] cppo (@dctxmei)
[x] cpu-x (@dctxmei)
[x] create_ap (@dctxmei)
[x] discord-canary (@dctxmei)
[x] dust (@dctxmei)
[x] elementary-planner (@dctxmei)
[ ] feather-fonts (@dctxmei)
[x] firefox-esr (@dctxmei)
[x] flat-remix (@dctxmei)
[x] flat-remix-gnome (@dctxmei)
[x] flat-remix-gtk (@dctxmei)
[x] freeplane (@dctxmei)
[x] getmail6 (@dctxmei)
[x] gnome-shell-pomodoro (@dctxmei)
[x] gron (@dctxmei)
[x] hath (@dctxmei)
[x] highway (@dctxmei)
[x] htpdate (@dctxmei)
[x] ibus-libzhuyin (@dctxmei)
[x] icecat (@dctxmei)
[x] jellyfin (@dctxmei)
[x] jql (@dctxmei)
[x] keeweb (@dctxmei)
[x] kodi-standalone-service (@dctxmei)
[x] lazydocker (@dctxmei)
[x] lf (@dctxmei)
[x] libcpuid (@dctxmei)
[x] libfixposix (@dctxmei)
[x] libjpeg-xl (@dctxmei)
[x] lightdm-slick-greeter (@dctxmei)
[x] linux-wifi-hotspot (@dctxmei)
[x] mailspring (@dctxmei)
[x] mailsync (@dctxmei)
[x] music-dl (@dctxmei)
[x] neovim-remote (@dctxmei)
[x] nushell (@dctxmei)
[x] nyxt (@dctxmei)
[x] ocaml-biniou (@dctxmei)
[x] ocaml-compiler-libs-repackaged (@dctxmei)
[x] ocaml-easy-format (@dctxmei)
[x] ocaml-menhir (@dctxmei)
[x] ocaml-migrate-parsetree2 (@dctxmei)
[x] ocaml-octavius (@dctxmei)
[x] ocaml-ppx_derivers (@dctxmei)
[x] ocaml-seq (@dctxmei)
[x] ocaml-sexplib0 (@dctxmei)
[x] ocaml-stdlib-shims (@dctxmei)
[x] oomox (@dctxmei)
[x] perl-file-rename (@dctxmei)
[x] polybar (@dctxmei)
[x] python-clickgen (@dctxmei)
[x] python-pyephem (@dctxmei)
[x] python-requests-futures (@dctxmei)
[x] qv2ray-plugin-command (@dctxmei)
[x] qv2ray-plugin-trojan (@dctxmei)
[ ] r8125 (@dctxmei)
[x] resvg (@dctxmei)
[x] rime-cloverpinyin (@dctxmei)
[x] rime-symbols (@dctxmei)
[ ] rofi-themes (@dctxmei)
[x] ruffle-git (@dctxmei)
[x] rxvt-unicode-better-wheel-scrolling (@dctxmei)
[x] spotify-tui (@dctxmei)
[x] surface-control (@dctxmei)
[x] ttf-comfortaa (@dctxmei)
[x] ungoogled-chromium (@dctxmei)
[x] vimix-cursors (@dctxmei)
[x] vimix-gtk-themes (@dctxmei)
[x] vimix-gtk-themes-git (@dctxmei)
[x] vimix-icon-theme (@dctxmei)
[x] vim-youcompleteme-git (@dctxmei)
[x] virtualbox-ext-oracle (@dctxmei)
[x] vmessping (@dctxmei)
[x] bluez-utils-compat (@DDoSolitary)
[x] clash-premium-bin (@DDoSolitary)
[x] cloudflared (@DDoSolitary)
[x] deoplete-git (@DDoSolitary)
[x] dislocker-noruby (@DDoSolitary)
[x] firefox-beta-bin (@DDoSolitary)
[x] google-chrome-beta (@DDoSolitary)
[x] hpfall-git (@DDoSolitary)
[x] jbig2enc-git (@DDoSolitary)
[x] jdk11-graalvm-bin (@DDoSolitary)
[x] kernel-modules-hook (@DDoSolitary)
[x] lib32-a52dec (@DDoSolitary)
[x] lib32-aom (@DDoSolitary)
[x] lib32-bluez-libs (@DDoSolitary)
[x] lib32-chromaprint (@DDoSolitary)
[x] lib32-dav1d (@DDoSolitary)
[x] lib32-faac (@DDoSolitary)
[x] lib32-faad2 (@DDoSolitary)
[x] lib32-ffmpeg (@DDoSolitary)
[x] lib32-fftw (@DDoSolitary)
[x] lib32-glslang (@DDoSolitary)
[x] lib32-gsm (@DDoSolitary)
[x] lib32-gssdp (@DDoSolitary)
[x] lib32-gst-plugins-bad (@DDoSolitary)
[x] lib32-gst-plugins-ugly (@DDoSolitary)
[x] lib32-gupnp (@DDoSolitary)
[x] lib32-gupnp-igd (@DDoSolitary)
[x] lib32-imath (@DDoSolitary)
[x] lib32-jbigkit (@DDoSolitary)
[x] lib32-lame (@DDoSolitary)
[x] lib32-libass (@DDoSolitary)
[x] lib32-libbluray (@DDoSolitary)
[x] lib32-libbs2b (@DDoSolitary)
[x] lib32-libcdio (@DDoSolitary)
[x] lib32-libcue (@DDoSolitary)
[x] lib32-libdc1394 (@DDoSolitary)
[x] lib32-libdca (@DDoSolitary)
[x] lib32-libde265 (@DDoSolitary)
[x] lib32-libdvdcss (@DDoSolitary)
[x] lib32-libdvdnav (@DDoSolitary)
[x] lib32-libdvdread (@DDoSolitary)
[x] lib32-libexif (@DDoSolitary)
[x] lib32-libfdk-aac (@DDoSolitary)
[x] lib32-libgme (@DDoSolitary)
[x] lib32-libkate (@DDoSolitary)
[x] lib32-liblrdf (@DDoSolitary)
[x] lib32-libmms (@DDoSolitary)
[x] lib32-libmpcdec (@DDoSolitary)
[x] lib32-libmpeg2 (@DDoSolitary)
[x] lib32-libnice (@DDoSolitary)
[x] lib32-libofa (@DDoSolitary)
[x] lib32-libreplaygain (@DDoSolitary)
[x] lib32-libsidplay (@DDoSolitary)
[x] lib32-libsrtp (@DDoSolitary)
[x] lib32-libtiger (@DDoSolitary)
[x] lib32-lilv (@DDoSolitary)
[x] lib32-l-smash (@DDoSolitary)
[x] lib32-lv2 (@DDoSolitary)
[x] lib32-mjpegtools (@DDoSolitary)
[x] lib32-neon (@DDoSolitary)
[x] lib32-numactl (@DDoSolitary)
[x] lib32-nvidia-utils-beta (@DDoSolitary)
[x] lib32-opencore-amr (@DDoSolitary)
[x] lib32-openexr (@DDoSolitary)
[x] lib32-openjpeg2 (@DDoSolitary)
[x] lib32-raptor (@DDoSolitary)
[x] lib32-rtmpdump (@DDoSolitary)
[x] lib32-sbc (@DDoSolitary)
[x] lib32-serd (@DDoSolitary)
[x] lib32-shaderc (@DDoSolitary)
[x] lib32-sord (@DDoSolitary)
[x] lib32-spandsp (@DDoSolitary)
[x] lib32-spirv-tools (@DDoSolitary)
[x] lib32-sratom (@DDoSolitary)
[x] lib32-srt (@DDoSolitary)
[x] lib32-vmaf (@DDoSolitary)
[x] lib32-webrtc-audio-processing (@DDoSolitary)
[x] lib32-wildmidi (@DDoSolitary)
[x] lib32-x264 (@DDoSolitary)
[x] lib32-x265 (@DDoSolitary)
[x] lib32-xvidcore (@DDoSolitary)
[x] lib32-zbar (@DDoSolitary)
[x] lib32-zvbi (@DDoSolitary)
[x] libnvidia-container (@DDoSolitary)
[x] libtins (@DDoSolitary)
[x] libva-vdpau-driver-vp9-git (@DDoSolitary)
[x] logisim (@DDoSolitary)
[x] mars-mips (@DDoSolitary)
[x] mkinitcpio-numlock (@DDoSolitary)
[x] native-image-jdk11-bin (@DDoSolitary)
[x] nginx-mod-fancyindex (@DDoSolitary)
[x] ntfs3-dkms (@DDoSolitary)
[x] nvidia-beta-dkms (@DDoSolitary)
[x] nvidia-container-toolkit (@DDoSolitary)
[x] nvidia-utils-beta (@DDoSolitary)
[x] ocrmypdf (@DDoSolitary)
[x] optimus-manager (@DDoSolitary)
[x] plymouth-theme-arch-breeze-git (@DDoSolitary)
[x] plymouth-theme-arch-charge-big (@DDoSolitary)
[x] plymouth-theme-arch-charge (@DDoSolitary)
[x] plymouth-theme-arch-charge-gdm (@DDoSolitary)
[x] plymouth-theme-arch-glow (@DDoSolitary)
[x] plymouth-theme-arch-logo (@DDoSolitary)
[x] plymouth-theme-arch-logo-gnomish (@DDoSolitary)
[x] plymouth-theme-arch-logo-new (@DDoSolitary)
[x] plymouth-theme-arch-solarized-git (@DDoSolitary)
[x] plymouth-theme-dark-arch (@DDoSolitary)
[x] plymouth-theme-gdm-arch (@DDoSolitary)
[x] plymouth-theme-minimal-dark-git (@DDoSolitary)
[x] plymouth-theme-monoarch (@DDoSolitary)
[x] preloader-signed (@DDoSolitary)
[x] protondb-tags (@DDoSolitary)
[x] python-coloredlogs (@DDoSolitary)
[x] python-humanfriendly (@DDoSolitary)
[x] ruby-connection_pool (@DDoSolitary)
[x] ruby-highline (@DDoSolitary)
[x] ruby-json_pure (@DDoSolitary)
[x] shim-signed (@DDoSolitary)
[x] systemd-numlockontty (@DDoSolitary)
[x] thunderbird-beta-bin (@DDoSolitary)
[x] uvesafb-dkms (@DDoSolitary)
[x] vdhcoapp (@DDoSolitary)
[x] vim-airline-git (@DDoSolitary)
[x] vim-airline-themes-git (@DDoSolitary)
[x] vim-commentary-git (@DDoSolitary)
[x] vim-fugitive-git (@DDoSolitary)
[x] vim-gitgutter-git (@DDoSolitary)
[x] vim-polyglot-git (@DDoSolitary)
[x] waifu2x-converter-cpp-cuda-git (@DDoSolitary)
[x] waifu2x-converter-cpp-git (@DDoSolitary)
[x] daemonize (@DuckSoft)
[x] dolphin-duckspace (@DuckSoft)
[x] telegram-tdlib (@DuckSoft)
[x] trojan-r-git (@DuckSoft)
[x] ventoy-bin (@DuckSoft)
[x] ca-certificates-vsign-universal-root (@DuckSoft @rayfalling)
[x] libspotify (@edward-p)
[x] log4c (@edward-p)
[x] plasma5-applets-window-appmenu (@edward-p)
[x] plasma5-applets-window-title (@edward-p)
[x] python-casttube (@edward-p)
[x] python-gmusicapi (@edward-p)
[x] python-gpsoauth (@edward-p)
[x] python-mechanicalsoup (@edward-p)
[x] python-plexapi (@edward-p)
[x] python-proboscis (@edward-p)
[x] python-pychromecast (@edward-p)
[x] python-soundcloud-git (@edward-p)
[x] python-spotipy (@edward-p)
[x] python-validictory (@edward-p)
[x] aha-git (@farseerfc)
[ ] alsi (@farseerfc)
[x] apache-lucene (@farseerfc)
[x] archey-git (@farseerfc)
[x] archlinux-java-run (@farseerfc)
[x] aurutils (@farseerfc)
[x] breeze-plymouth (@farseerfc)
[x] btrbk (@farseerfc)
[x] cdate (@farseerfc)
[x] cdecl (@farseerfc)
[x] chez-scheme (@farseerfc)
[x] chrome-remote-desktop (@farseerfc)
[ ] cndrvcups-common-lb (@farseerfc)
[ ] cndrvcups-lb (@farseerfc)
[ ] cnijfilter2-mg3600 (@farseerfc)
[ ] conoha-iso-git (@farseerfc)
[ ] depot-tools-git (@farseerfc)
[ ] eaglemode (@farseerfc)
[ ] figlet-fonts (@farseerfc)
[x] firefox-appmenu (@farseerfc)
[x] firefox-kde-opensuse (@farseerfc)
[ ] flashbench-git (@farseerfc)
[ ] font-symbola (@farseerfc)
[ ] freshplayerplugin (@farseerfc)
[ ] ghostpdl (@farseerfc)
[ ] glmark2 (@farseerfc)
[ ] graphite-mozilla (@farseerfc)
[ ] gtk3-classic (@farseerfc)
[ ] ipad_charge (@farseerfc)
[ ] jave (@farseerfc)
[ ] jdk (@farseerfc)
[ ] jfbview (@farseerfc)
[ ] jlatexmath-fop (@farseerfc)
[ ] kdeconnect-git (@farseerfc)
[ ] kpeople-vcard-git (@farseerfc)
[ ] libiconv (@farseerfc)
[ ] libsolv (@farseerfc)
[ ] libstdc++-doc (@farseerfc)
[ ] marktext-git (@farseerfc)
[ ] masterpdfeditor (@farseerfc)
[ ] mbuffer (@farseerfc)
[ ] moeditor-bin (@farseerfc)
[x] monodevelop-stable (@farseerfc) #2326
[ ] ncurses5-compat-libs (@farseerfc)
[ ] obs-xdg-portal-git (@farseerfc)
[ ] pacman-static (@farseerfc)
[ ] pavumeter (@farseerfc)
[ ] pkgtools (@farseerfc)
[ ] pm2ml (@farseerfc)
[ ] powerpill (@farseerfc)
[ ] pygtk (@farseerfc)
[ ] pystopwatch (@farseerfc)
[ ] python3-aur (@farseerfc)
[ ] python3-memoizedb (@farseerfc)
[ ] python3-xcgf (@farseerfc)
[ ] python3-xcpf (@farseerfc)
[ ] qxmpp (@farseerfc)
[ ] rar (@farseerfc)
[ ] ripgrep-all (@farseerfc)
[ ] rua (@farseerfc)
[ ] simplenote-electron-bin (@farseerfc)
[ ] stack-static (@farseerfc)
[ ] systemd-report-entropy (@farseerfc)
[ ] systemd-shutdown-diagnose (@farseerfc)
[ ] texlive-dummy (@farseerfc)
[ ] thunderbird-appmenu (@farseerfc)
[x] timeshift (@farseerfc)
[ ] toilet (@farseerfc)
[ ] ttf-itxe-writing (@farseerfc)
[ ] tusk (@farseerfc)
[x] typora (@farseerfc)
[ ] uefitool-git (@farseerfc)
[ ] visual-studio-code-bin (@farseerfc)
[ ] vitetris (@farseerfc)
[ ] vmware-horizon-client (@farseerfc)
[ ] vtop (@farseerfc)
[ ] xrestop (@farseerfc)
[ ] zchunk (@farseerfc)
[ ] android-apktool (@felixonmars)
[ ] aurvote (@felixonmars)
[ ] binfmt-qemu-static (@felixonmars)
[ ] chnroutes2-git (@felixonmars)
[ ] chnroutes-alike-git (@felixonmars)
[ ] dnsmasq-china-list-git (@felixonmars)
[ ] downgrade (@felixonmars)
[ ] fcitx5-pinyin-zhwiki (@felixonmars)
[ ] glib2-static (@felixonmars)
[ ] glibc-linux4 (@felixonmars)
[ ] lib32-tk (@felixonmars)
[ ] linux-lts414 (@felixonmars)
[ ] linux-lts44 (@felixonmars)
[ ] linux-lts49 (@felixonmars)
[ ] nodejs-jshint (@felixonmars)
[ ] pakku (@felixonmars)
[ ] pcre-static (@felixonmars)
[ ] pypinyin (@felixonmars)
[ ] qemu-user-static (@felixonmars)
[ ] arch-hs-git (@felixonmars @berberman)
[x] package-query (@felixonmars @DDoSolitary)
[x] adguardhome (@frantic1048)
[x] code-transparent (@frantic1048)
[x] elvish (@frantic1048)
[x] flacon (@frantic1048)
[x] font-victor-mono (@frantic1048)
[x] gitter (@frantic1048)
[x] kreogist-mu (@frantic1048)
[x] nvm (@frantic1048)
[x] pencil (@frantic1048)
[x] plex-hama-bundle-git (@frantic1048)
[x] plex-media-server (@frantic1048)
[x] scrcpy (@frantic1048)
[x] ttf-merriweather (@frantic1048)
[x] ttf-merriweather-sans (@frantic1048)
[x] ttf-oswald (@frantic1048)
[x] ttf-quintessential (@frantic1048)
[x] ttf-signika (@frantic1048)
[ ] fcitx5-pinyin-zhwiki-rime (@h0cheung @farseerfc)
[x] nordic-theme (@hamkido)
[x] anbox-image (@heavysink)
[x] blockify (@heavysink)
[x] brave-bin (@heavysink)
[x] cemu (@heavysink)
[x] clipit (@heavysink)
[x] conan (@heavysink)
[x] ~~cwiid (@heavysink)~~ #2264
[x] ~~dbus-cpp (@heavysink)~~ #2267
[x] deadbeef-mpris2-plugin (@heavysink)
[x] ~~dotnet-core-bin (@heavysink)~~ #2266
[x] ~~eclipse-antlr-runtime (@heavysink)~~ #2268
[x] ~~eclipse-dltk-core (@heavysink)~~ #2268
[x] ~~eclipse-dltk-python (@heavysink)~~ #2268
[x] eclipse-emf (@heavysink)
[x] eclipse-platform (@heavysink)
[x] fstrcmp (@heavysink)
[x] ~~fs-uae-arcade-devel (@heavysink)~~ #2269
[x] ~~fs-uae-devel (@heavysink)~~ #2269
[x] ~~fs-uae-launcher-devel (@heavysink)~~ #2269
[x] genymotion (@heavysink)
[x] github-desktop-bin (@heavysink)
[x] google-chrome-dev (@heavysink)
[x] icu60 (@heavysink)
[x] jdownloader2 (@heavysink)
[x] kega-fusion (@heavysink)
[x] lastpass (@heavysink)
[x] lib32-libmng (@heavysink)
[x] lib32-muparser (@heavysink)
[x] lib32-ncurses5-compat-libs (@heavysink)
[x] lib32-qt4 (@heavysink)
[x] lib32-sdl_sound (@heavysink)
[x] lib32-wxgtk3 (@heavysink)
[x] libart-lgpl (@heavysink)
[x] libblocksruntime (@heavysink)
[x] libdispatch (@heavysink)
[x] libpthread-stubs (@heavysink)
[x] libuvc (@heavysink)
[x] llvm40 (@heavysink)
[x] mysql (@heavysink)
[x] nintendo-udev (@heavysink)
[x] palemoon (@heavysink)
[x] pamac-aur (@heavysink)
[x] pcem (@heavysink)
[x] phonon-qt4 (@heavysink)
[x] ~~process-cpp (@heavysink)~~ #2267
[x] properties-cpp (@heavysink)
[x] pyqt4 (@heavysink)
[x] python-node-semver (@heavysink)
[x] python-patch-ng (@heavysink)
[x] python-pluginbase (@heavysink)
[x] python-sip-pyqt4 (@heavysink)
[x] qemu-git (@heavysink)
[x] qt4 (@heavysink)
[x] rambox-bin (@heavysink)
[x] skypeforlinux-preview-bin (@heavysink)
[x] skypeforlinux-stable-bin (@heavysink)
[x] soci (@heavysink)
[x] tintin (@heavysink)
[x] tome4 (@heavysink)
[x] ttf-mplus (@heavysink)
[x] webcamoid (@heavysink)
[x] xnp2 (@heavysink)
[x] yay (@heavysink)
[x] 3dmeshmetric-bin (@hubutui)
[x] camlpdf (@hubutui)
[x] cpdf (@hubutui)
[x] mafft (@hubutui)
[x] pspp (@hubutui)
[x] python-atari-py (@hubutui)
[x] python-colorful (@hubutui)
[x] python-cupy (@hubutui)
[x] python-dm-tree (@hubutui)
[x] python-google (@hubutui)
[x] python-opencensus (@hubutui)
[x] qupath-bin (@hubutui)
[x] spread-sheet-widget (@hubutui)
[x] tikzit (@hubutui)
[x] x11docker (@hubutui)
[X] mirror (@ideal)
[x] gowitness (@imlonghao)
[x] lazynpm (@imlonghao)
[x] nali-cli (@imlonghao)
[x] trivy (@imlonghao)
[x] pacroller-git (@isjerryxiao)
[x] pacroller (@isjerryxiao)
[x] needrestart-git (@isjerryxiao @dctxmei)
[ ] needrestart (@isjerryxiao @dctxmei)
[x] deepin-anything-git (@justforlxz)
[x] deepin-api-git (@justforlxz)
[x] deepin-control-center-git (@justforlxz)
[x] deepin-daemon-git (@justforlxz)
[x] deepin-desktop-base-git (@justforlxz)
[x] deepin-desktop-schemas-git (@justforlxz)
[x] deepin-dock-git (@justforlxz)
[x] deepin-file-manager-git (@justforlxz)
[x] deepin-gettext-tools-git (@justforlxz)
[x] deepin-launcher-git (@justforlxz)
[x] deepin-network-utils-git (@justforlxz)
[x] deepin-polkit-agent-ext-gnomekeyring-git (@justforlxz)
[x] deepin-polkit-agent-git (@justforlxz)
[x] deepin-pw-check-git (@justforlxz)
[x] deepin-qt5integration-git (@justforlxz)
[x] deepin-qt5platform-plugins-git (@justforlxz)
[x] deepin-qt-dbus-factory-git (@justforlxz)
[x] deepin-session-shell-git (@justforlxz)
[x] deepin-session-ui-git (@justforlxz)
[x] disomaster-git (@justforlxz)
[x] dtkcommon-git (@justforlxz)
[x] dtkcore-git (@justforlxz)
[x] dtkgui-git (@justforlxz)
[x] dtkwidget-git (@justforlxz)
[x] golang-deepin-gir-git (@justforlxz)
[x] golang-deepin-lib-git (@justforlxz)
[x] golang-github-linuxdeepin-go-dbus-factory-git (@justforlxz)
[x] golang-github-linuxdeepin-go-x11-client-git (@justforlxz)
[x] startdde-git (@justforlxz)
[x] aria2-fast (@kaseiwang)
[x] armadillo (@kaseiwang)
[x] envoyproxy (@kaseiwang)
[x] nginx-mainline-boringssl (@kaseiwang)
[x] rslsync (@kaseiwang)
[x] i2p (@KenOokamiHoro)
[x] java-service-wrapper (@KenOokamiHoro)
[x] obfs4proxy (@KenOokamiHoro)
[ ] parsoid-git (@KenOokamiHoro)
[ ] restbase-git (@KenOokamiHoro)
[x] breeze-blurred-git (@MarvelousBlack)(#2242)
[x] etherwake (@MarvelousBlack)(#2278)
[x] google-chrome (@MarvelousBlack)
[x] i3-gaps-next-git (@MarvelousBlack)
[x] pacmixer (@MarvelousBlack)(#2229)
[x] pikaur (@MarvelousBlack)
[x] wine-osu (@MarvelousBlack)
[x] libeb (@masakichi)
[x] litecli (@masakichi)
[x] mecab-ipadic (@masakichi)
[x] ttf-migu (@masakichi)
[x] lean-community (@megrxu @dctxmei)
[x] python-mathlibtools (@megrxu @dctxmei)
[ ] amarok (@oldherl)
[ ] archlinux-artwork (@oldherl)
[ ] ds9 (@oldherl)
[ ] exaile (@oldherl)
[ ] google-earth-pro (@oldherl)
[ ] jcloisterzone (@oldherl)
[ ] minify (@oldherl)
[ ] onedrive-abraunegg (@oldherl)
[ ] pcf2bdf-git (@oldherl)
[ ] python-astropy-helpers (@oldherl)
[ ] python-astropy (@oldherl)
[ ] python-pyerfa (@oldherl)
[ ] taglib-extras (@oldherl)
[ ] tango-icon-theme-extras (@oldherl)
[ ] tango-icon-theme (@oldherl)
[ ] tio (@oldherl)
[x] bilibili-live-helper-bin (@OriginCode)
[x] ciel (@OriginCode)
[x] dino-git (@OriginCode)
[x] fsearch-git (@OriginCode)
[x] inxi (@OriginCode)
[x] isoimagewriter (@OriginCode)
[x] linux-froidzen (@OriginCode)
[x] linuxqq (@OriginCode)
[x] snapper-gui-git (@OriginCode)
[x] stepmania (@OriginCode)
[x] systemd-boot-pacman-hook (@OriginCode)
[x] zorin-desktop-themes-git (@OriginCode)
[x] zorin-desktop-themes (@OriginCode)
[x] dxvk-bin (@PeterCxy)
[x] evdev-right-click-emulation (@PeterCxy)
[x] gnome-shell-extension-gsconnect (@PeterCxy)
[x] hyper (@PeterCxy)
[x] kwin-lowlatency (@PeterCxy)
[x] mozc (@PeterCxy)
[x] python-misaka (@PeterCxy)
[x] tornado_systemd (@PeterCxy)
[ ] bomi-git (@petronny)
[ ] bypy-git (@petronny)
[ ] cataclysm-dda-ncurses (@petronny)
[ ] eclipse-vrapper (@petronny)
[ ] gn-git (@petronny)
[ ] gnome-shell-extension-topicons-plus-git (@petronny)
[ ] gnome-shell-extension-volume-mixer-git (@petronny)
[ ] hpoj (@petronny)
[ ] js-beautify (@petronny)
[ ] kmozillahelper (@petronny)
[ ] libnatspec (@petronny)
[ ] megatools (@petronny)
[ ] minecraft-launcher (@petronny)
[ ] minecraft-server (@petronny)
[ ] mpd-notification-git (@petronny)
[ ] onedrive-git (@petronny)
[ ] openh264 (@petronny)
[ ] opsu (@petronny)
[ ] p7zip-natspec (@petronny)
[ ] pinyin-completion (@petronny)
[ ] proftpd (@petronny)
[ ] python-multiprocess (@petronny)
[ ] qt-installer-framework (@petronny)
[ ] rssdrop (@petronny)
[ ] spigot (@petronny)
[ ] ttf-wps-fonts (@petronny)
[ ] unzip-natspec (@petronny)
[ ] vim-fcitx (@petronny)
[ ] vim-pathogen (@petronny)
[ ] vim-tern (@petronny)
[ ] webstorm (@petronny)
[ ] wxmedit (@petronny)
[ ] xscreensaver-arch-logo (@petronny)
[ ] zotero (@petronny)
[ ] ats2-contrib (@poscat0x04)
[ ] ats2-postiats (@poscat0x04)
[ ] nodejs-spago (@poscat0x04)
[ ] prezto-git (@poscat0x04)
[ ] purescript (@poscat0x04)
[ ] v2ray-rules-git (@poscat0x04)
[ ] visual-studio-code-insiders-bin (@poscat0x04)
[ ] multimc5 (@Rasphino)
[ ] pacman-pstatus (@renyuneyun)
[x] cling (@Sasasu)
[ ] cqlsh (@Sasasu)
[x] criu (@Sasasu)
[x] kjieba (@Sasasu)
[ ] mergerfs (@Sasasu)
[x] mycli (@Sasasu)
[x] packetsender (@Sasasu)
[x] pgcli (@Sasasu)
[ ] python2-cassandra-driver-git (@Sasasu)
[x] python-pgspecial (@Sasasu)
[ ] python-pipsi (@Sasasu)
[x] qbittorrent-enhanced-git (@Sasasu)
[x] svp (@Sasasu)
[x] ~~bear~~ (@SilverRainZ) https://github.com/archlinuxcn/repo/issues/2633
[x] ddnet (@SilverRainZ)
[x] ~~etcd~~ (@SilverRainZ) https://github.com/archlinuxcn/repo/issues/2665
[x] fcitx-skin-material (@SilverRainZ)
[x] fluent-reader (@SilverRainZ)
[x] fontweak (@SilverRainZ)
[x] gdm-plymouth (@SilverRainZ)
[x] git-extras (@SilverRainZ)
[x] graphene-git (@SilverRainZ)
[x] ~~jekyll (@SilverRainZ)~~ Orphaned by #2207
[x] libinput-gestures (@SilverRainZ)
[x] lice-git (@SilverRainZ)
[x] mentohust (@SilverRainZ)
[x] nord-tilix (@SilverRainZ)
[x] noto-fonts-emoji-blob (@SilverRainZ)
[x] nutstore (@SilverRainZ)
[x] plymouth (@SilverRainZ)
[x] pnglite (@SilverRainZ)
[x] pnmixer-gtk3 (@SilverRainZ)
[x] postman-bin (@SilverRainZ)
[x] pyenv-virtualenv (@SilverRainZ)
[x] rocketchat-desktop (@SilverRainZ)
[x] ~~ruby-benchmark-ips (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-benchmark_suite (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-em-websocket (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-http_parser.rb (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-jekyll-paginate (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-jekyll-watch (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-kramdown-parser-gfm (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-liquid (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-listen (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-ruby_dep (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-terminal-table (@SilverRainZ)~~ Orphaned by #2207
[x] ~~ruby-yajl-ruby (@SilverRainZ)~~ Orphaned by #2207
[x] stockfish (@SilverRainZ)
[x] tor-browser (@SilverRainZ)
[x] trayer-srg (@SilverRainZ)
[x] vim-plug-git (@SilverRainZ)
[x] vim-plug (@SilverRainZ)
[x] wrk (@SilverRainZ)
[x] xflux (@SilverRainZ)
[ ] deepin-fonts-wine (@Skywol)
[ ] deepin-udis86 (@Skywol)
[ ] deepin-wine32-preloader (@Skywol)
[ ] deepin-wine32 (@Skywol)
[ ] deepin-wine32-tools (@Skywol)
[ ] deepin-wine-binfmt (@Skywol)
[ ] deepin-wine-helper (@Skywol)
[ ] deepin-wine-plugin (@Skywol)
[ ] deepin-wine-plugin-virtual (@Skywol)
[ ] deepin-wine-uninstaller (@Skywol)
[ ] lib32-freetype2-infinality-ultimate (@Skywol)
[x] emacs-evil (@swordfeng)
[x] emacs-undo-tree (@swordfeng)
[x] gnome-shell-extension-appindicator-git (@swordfeng)
[x] gnome-shell-extension-dash-to-dock-git (@swordfeng)
[x] gnome-shell-extension-dash-to-panel-git (@swordfeng)
[x] google-drive-ocamlfuse (@swordfeng)
[x] libreoffice-extension-languagetool (@swordfeng)
[x] poi (@swordfeng)
[x] zpaq (@swordfeng)
[ ] python-imageio (@Universebenzene)
[ ] python-pywavelets (@Universebenzene)
[ ] cloog (@VOID001)
[ ] gnome-mime-data (@VOID001)
[ ] goocanvas1 (@VOID001)
[ ] isl (@VOID001)
[ ] libbonobo (@VOID001)
[ ] mingw-w64-gcc-base (@VOID001)
[ ] mingw-w64-headers-bootstrap (@VOID001)
[ ] orbit2 (@VOID001)
[ ] osl (@VOID001)
[ ] perl-cpanel-json-xs (@VOID001)
[ ] perl-gnome2-wnck (@VOID001)
[ ] perl-goo-canvas (@VOID001)
[ ] perl-gtk2-imageview (@VOID001)
[ ] perl-gtk2-unique (@VOID001)
[ ] perl-json-maybexs (@VOID001)
[x] alacritty-ligatures-git (@wfxr)
[x] apache-tools (@wfxr)
[x] awesome-git (@wfxr)
[x] bfg (@wfxr)
[x] compton-tryone-git (@wfxr)
[x] dive (@wfxr)
[x] dog-dns-git (@wfxr)
[x] duf (@wfxr)
[x] edex-ui-git (@wfxr)
[x] eva-git (@wfxr)
[x] feroxbuster-git (@wfxr)
[x] neovide-git (@wfxr)
[x] sddm-sugar-dark (@wfxr)
[x] sddm-sugar-light (@wfxr)
[x] termshark-git (@wfxr)
[x] xcolor (@wfxr)
[x] anaconda (@xgdgsc)
[x] cppreference-qt (@xgdgsc)
[x] electronic-wechat (@xgdgsc)
[x] mendeleydesktop (@xgdgsc)
[x] opencv-docs (@xgdgsc)
[x] python-numpy-doc (@xgdgsc)
[x] python-scipy-doc (@xgdgsc)
[x] rstudio-desktop-bin (@xgdgsc)
[ ] 1password (@Xuanwo)
[ ] autojump (@Xuanwo)
[ ] beancount (@Xuanwo)
[ ] canta-kde-git (@Xuanwo)
[ ] cht.sh (@Xuanwo)
[ ] exercism (@Xuanwo)
[ ] fava (@Xuanwo)
[ ] flutter (@Xuanwo)
[ ] insomnia (@Xuanwo)
[ ] intellij-idea-ultimate-edition (@Xuanwo)
[ ] libselinux (@Xuanwo)
[ ] libsepol (@Xuanwo)
[ ] makisu (@Xuanwo)
[ ] ngrok (@Xuanwo)
[ ] nomad (@Xuanwo)
[ ] python-magic-ahupp (@Xuanwo)
[ ] sublime-merge (@Xuanwo)
[ ] swagger-codegen (@Xuanwo)
[ ] teamcity (@Xuanwo)
[ ] teamviewer (@Xuanwo)
[ ] tidb (@Xuanwo)
[ ] tikv-pd (@Xuanwo)
[ ] tikv (@Xuanwo)
[ ] zsh-pure-prompt (@Xuanwo)
[ ] zulip-desktop (@Xuanwo)
[x] android-emulator (@yan12125)
[x] android-platform (@yan12125)
[x] android-sdk-build-tools (@yan12125)
[x] android-sdk-platform-tools (@yan12125)
[x] android-sdk (@yan12125)
[x] android-x86-64-system-image (@yan12125)
[x] c++utilities (@yan12125)
[x] libfm-qt-git (@yan12125)
[x] liblxqt-git (@yan12125)
[x] libqtxdg-git (@yan12125)
[x] libsysstat-git (@yan12125)
[x] lxqt-admin-git (@yan12125)
[x] lxqt-openssh-askpass-git (@yan12125)
[x] lxqt-panel-git (@yan12125)
[x] lxqt-qtplugin-git (@yan12125)
[x] lxqt-sudo-git (@yan12125)
[x] lxqt-themes-git (@yan12125)
[x] pavucontrol-qt-git (@yan12125)
[x] python-pyvisa-py (@yan12125)
[x] python-pyvisa (@yan12125)
[x] qps-git (@yan12125)
[x] wayfire (@yan12125)
[x] xfwm4-theme-breeze (@yan12125)
[x] amule-dlp-git (@ykelvis)
[x] baka-mplayer-git (@ykelvis)
[x] clion (@ykelvis)
[x] emacs-git (@ykelvis)
[x] emacs-native-comp-git (@ykelvis)
[x] ffmpeg3.4 (@ykelvis)
[x] gconf (@ykelvis)
[x] go-for-it-git (@ykelvis)
[x] goland (@ykelvis)
[x] grub2-theme-arch-leap (@ykelvis)
[x] gstreamer0.10-base (@ykelvis)
[x] gstreamer0.10 (@ykelvis)
[x] kindlegen (@ykelvis)
[x] libgccjit (@ykelvis)
[x] linux-mainline (@ykelvis)
[x] makemkv (@ykelvis)
[x] megasync (@ykelvis)
[x] mpdscribble (@ykelvis)
[x] mpv-bash-completion-git (@ykelvis)
[x] netatalk (@ykelvis)
[x] netease-cloud-music (@ykelvis)
[x] obapps (@ykelvis)
[x] obkey-git (@ykelvis)
[x] opera-beta (@ykelvis)
[x] opera-developer (@ykelvis)
[x] pnmixer (@ykelvis)
[x] qtwebkit (@ykelvis)
[x] repacman (@ykelvis)
[x] smartgit (@ykelvis)
[x] spotify (@ykelvis)
[x] system-tools-backends (@ykelvis)
[x] ttf-monaco (@ykelvis)
[x] unagi (@ykelvis)
[x] virtio-win (@ykelvis)
[x] yandex-browser-beta (@ykelvis)
[x] libpdfium-nojs (@ykelvis @DDoSolitary)
[x] screengrab-git (@ykelvis @yan12125)
[x] dhcptest-git (@YuutaW)
[x] adcli (@YuutaW @wfxr)
[ ] comgr (@yuyichao)
[ ] franz (@yuyichao)
[ ] hsakmt-roct (@yuyichao)
[ ] hsa-rocr (@yuyichao)
[ ] libevhtp-seafile (@yuyichao)
[ ] llvm-amdgpu (@yuyichao)
[ ] plib (@yuyichao)
[ ] rocclr (@yuyichao)
[ ] rocm-clang-ocl (@yuyichao)
[ ] rocm-cmake (@yuyichao)
[ ] rocm-device-libs (@yuyichao)
[ ] rocminfo (@yuyichao)
[ ] rocm-opencl-runtime (@yuyichao)
[ ] seafile-client (@yuyichao)
[ ] seafile (@yuyichao)
[x] coursera-dl-git (@zsrkmyn)
[x] nvchecker-git (@zsrkmyn)
[x] picom-git (@zsrkmyn)

aur_pre_build API 支持指定 AUR 维护者已经有一段时间了，不过采用率很不好看。现在我计划将指定 AUR 维护者作为必填，以避免 AUR 包被别人接手后加入恶意或者垃圾代码。

maintainers 参数可以是 str 或者 list[str]，指定信任的 AUR 维护者/最后打包者。如果 lilac 打包时，最后打包者不在这个参数里，将会拒绝打包。请各维护者更新相关包，指定该参数。

There has been some time that the aur_pre_build API supports specifying AUR maintainers. However, it's not widely used. Now I'm going to make it mandatory to specify AUR maintainers to avoid AUR packages with evil or poor code that's added by later adopter.

The maintainers argument can be str or list[str] to specify trusted AUR maintainers / last packagers. When lilac packages, if the last packager is not in this argument, lilac will refuse to package. Please add this argument for your packages!

May 10 '21 11:05 lilydjwg

NOTE: some affected packages are unmaintained:

freeradius-client is depended by ocserv (@farseerfc)
fsharp is depended by monodevelop-stable (@farseerfc)
libpcl is depended by ocserv (@farseerfc)

Some maintainers (perhaps outside contributors) cannot be assigned: @Rasphino, @edward-p, @OriginCode, @xgdgsc, @Xuanwo, @hamkido, @felixonmars, @kaseiwang, @rayfalling, @Universebenzene, @Skywol, @renyuneyun, @farseerfc, @isjerryxiao, @oldherl, @imlonghao, @swordfeng, @ideal, @PeterCxy, @VOID001, @yuyichao, @petronny, @h0cheung, @MarvelousBlack, @zsrkmyn, @megrxu, @berberman, @heavysink, @KenOokamiHoro, @frantic1048, @SilverRainZ, @hubutui, @masakichi, @wfxr, @ykelvis, @poscat0x04, @justforlxz, @yan12125, @YuutaW, @Sasasu

May 10 '21 11:05 lilacbot

呃，那我不想用这个参数怎么办呢，指定None? 我目前还没有遇到需要这种白名单的包，不是觉得这个很有必要。。。

如果真要做的话，估计需要一个脚本直接批量添加现有maintainers，手动改不现实。

May 10 '21 11:05 petronny

shadowsocks-libev-qrcode does not fetch updates from AUR, please remove it from the list.

May 10 '21 12:05 OriginCode

On Mon, May 10, 2021 at 05:02:46AM -0700, Jack Wu wrote:

shadowsocks-libev-qrcode does not fetch updates from AUR, please remove it from the list.

Removed. It was a false positive.

-- Best regards, lilydjwg

May 10 '21 12:05 lilydjwg

On Mon, May 10, 2021 at 04:43:38AM -0700, Jingbei Li wrote:

呃，那我不想用这个参数怎么办呢，指定None? 我目前还没有遇到需要这种白名单的包，不是觉得这个很有必要。。。

防患于未然嘛。

如果真要做的话，估计需要一个脚本直接批量添加现有maintainers，手动改不现实。

嗯，就等人写出来了。

-- Best regards, lilydjwg

May 10 '21 12:05 lilydjwg

Note that pre_build in lilac.yaml does not support arguments; it's just a function name. You'll need to use pre_build_script to write code.

May 10 '21 12:05 lilydjwg

Note that pre_build in lilac.yaml does not support arguments; it's just a function name. You'll need to use pre_build_script to write code.

Fixed. XD

May 10 '21 13:05 OriginCode

Done by https://github.com/archlinuxcn/repo/commit/ce8209a3345eb35b1103e835b12c0f83ed2c9251

May 10 '21 14:05 edward-p

https://github.com/archlinuxcn/repo/commit/ea479e378aecb0b31a32944a605b290115f82f2b

May 10 '21 15:05 axionl

无意冒犯，其实我个人认为这个做法最好是鼓励而不是强制。

如果有稳定maintainer，而且上游代码更新频率低不怎么出问题的包还好。AUR有些包是很不稳定的，经常换maintainer。据我观察，上游大更新导致编译出问题的时候AUR包maintainer的更换频率会大大提升，因为遇到一个编译问题无法解决的话有些maintainer会选择直接弃包让能解决的人上。而如果手动指定maintainer的话会有些不灵活。

至于AUR包被添加恶意代码的问题，这个我个人认为是archlinux AUR本身的监管以及投诉渠道的问题。窃以为这个不该由Archlinuxcn承担。

我比较赞同@petronny，我的话如果AUR包有稳定的maintainer我会添加信任maintainer，但不采用这个参数的包也应该被允许。

May 10 '21 17:05 heavysink

至于AUR包被添加恶意代码的问题，这个我个人认为是archlinux AUR本身的监管以及投诉渠道的问题。窃以为这个不该由Archlinuxcn承担。

由于 AUR 本身是要求用户安装时自己检查和审核打包脚本的安全性，而 Arch CN 源相当于帮用户跳过了这一步骤，那么 Arch CN 就需要对打出的软件包进行基本的检查和审核，所以还是需要承担的 @heavysink

May 10 '21 17:05 BruceZhang1993

由于 AUR 本身是要求用户安装时自己检查和审核打包脚本的安全性，而 Arch CN 源相当于帮用户跳过了这一步骤，那么 Arch CN 就需要对打出的软件包进行基本的检查和审核，所以还是需要承担的

这么说的话，我有了一个新的idea。

能否让lilac在监测到AUR maintainer变了的时候，打包时自己加上一个post_upgrade()，告诉用户这个包的维护者变了，提醒用户注意？这样我们就不用自己检查，让用户去检查就好了。

May 10 '21 17:05 petronny

甚至可以是监测出不仅仅是version bump的那种upgrade的时候都给出提醒。告诉用户这个包最近的更新包含额外改动。

May 10 '21 17:05 petronny

至于AUR包被添加恶意代码的问题，这个我个人认为是archlinux AUR本身的监管以及投诉渠道的问题。窃以为这个不该由Archlinuxcn承担。

由于 AUR 本身是要求用户安装时自己检查和审核打包脚本的安全性，而 Arch CN 源相当于帮用户跳过了这一步骤，那么 Arch CN 就需要对打出的软件包进行基本的检查和审核，所以还是需要承担的 @heavysink

个人觉得不需要审核的是官方源，既然用户选择了第三方源，就需要自己承担一部分责任。Unofficial repo有warning: The official Arch Linux Developers and the Trusted Users do not perform tests of any sort to verify the contents of these repositories. It's your decision whether to trust their maintainers, and you take full responsibility for any consequences of using any unofficial repository.

不知道这么说何不合适...

May 10 '21 17:05 heavysink

@petronny 我觉得不是很理想，首先安装包这个操作本身就不安全了，因为 aur 维护者可以加安装脚本，然后考虑到 archcn 的使用情况，打包者也确实有责任在一定程度上检查 pkgbuild 。

而且相比自己维护包，直接从 aur 拿基本都没啥工作量了，要求在 maintainer 变更的时候检查一下也不过分吧，实际上我经常担心 aur 维护者把包或者是我写在 lilac.py 里的脚本弄坏了，甚至希望可以每当 aur 更新的时候都能够手动检查修改情况再决定是直接打包还是需要修一修。

May 10 '21 17:05 DDoSolitary

@heavysink 警告里也说了，用户自行选择是否相信非官方仓库的维护者，让 archcn 尽可能地成为一个用户可以给予一定信任的仓库总是好的。

May 10 '21 17:05 DDoSolitary

https://github.com/archlinuxcn/repo/commit/8ac49d83ceaa91cb2d2394d24919253ee50fb07f

May 11 '21 00:05 AlynxZhou

e1a3039e86b675bd749ee6ec925958306fb0762c

May 11 '21 01:05 justforlxz

无意冒犯，其实我个人认为这个做法最好是鼓励而不是强制。

如果有稳定maintainer，而且上游代码更新频率低不怎么出问题的包还好。AUR有些包是很不稳定的，经常换maintainer。据我观察，上游大更新导致编译出问题的时候AUR包maintainer的更换频率会大大提升，因为遇到一个编译问题无法解决的话有些maintainer会选择直接弃包让能解决的人上。而如果手动指定maintainer的话会有些不灵活。

至于AUR包被添加恶意代码的问题，这个我个人认为是archlinux AUR本身的监管以及投诉渠道的问题。窃以为这个不该由Archlinuxcn承担。

我比较赞同@petronny，我的话如果AUR包有稳定的maintainer我会添加信任maintainer，但不采用这个参数的包也应该被允许。

主要是還有個問題，由 aur 帶進來的惡意代碼可能會影響到編譯機，之前就是可以從 aur 帶進來一個 lilac.py 和 lilac.yaml（雖然現在不允許了）。