seafox
commented
6 years ago Start reading here
Closed axb993 closed 6 years ago
axb993
commented
6 years ago @seafox Thank you, suppose I should close this then. Extremely disappointing though, completely banning the package because it can be used carelessly is nonsensical to me, by that logic pacman should be banned for allowing --force...
If disclaimers were added to each of these functions explaining what they do and why they are discouraged, only proceeding if the user acknowledges the risks, their "harmful behavior" argument would be invalid if I'm understanding their reasoning correctly, instead educating users that aren't aware of the function's risks while still allowing users to take said risks for whatever reason. (eg. DANGER! This installs packages without verifying their signatures. Without signature verification there is no guarantee that the downloaded package is legitimate, potentially letting attackers replace the package with whatever they wish. THIS OPTION IS HIGHLY DISCOURAGED AND MAY DAMAGE YOUR SYSTEM, USE AT YOUR OWN RISK. Continue?)
I don't see how that could be considered "actively harmful", "potentially harmful" sure but many tools are, functionality shouldn't be restricted to cater to those careless enough to ignore the warnings. Otherwise, if this change still doesn't meet their standards, maybe these options could be disabled by default, requiring users to manually set an environment variable or flag to allow potentially damaging functions? If making users go out of their way to specify "Yes, I understand this could destroy my installation" isn't enough I doubt anything would be, there's a point where the user has to be held responsible.
/my2cents
excalibur1234
commented
6 years ago please feel free to open an issue about any of the "bad stuff" (why pacui got kicked out of the AUR).
however, PLEASE DO NOT argue like "this behavior is strongly discouraged by arch linux / pacman". i already know why beginners are discouraged from using certain functionality! instead, describe a situation in which a certain part of pacui's code can actually be harmful. then, i am glad to implement more secure code (or accept your tips or pull request doing the same).
when i first heard criticism, i did my best to describe pacui's behavior and ask for suggestions about improving pacui's code without losing too much functionality. unfortunately, i have not received any suggestions how the situation can be improved. instead, that post got used as prove pacui uses partial updates in the next round of criticism.
freed00m
commented
3 years ago Forum archived, the new link https://archived.forum.manjaro.org/t/pacui-removed-from-aur/54716
Not sure if you're already aware of this, I just found this package so no clue when it happened but the pacui-git page is still in Google's cache so it must have been recent. Hope this is the right place to tell you this.