Comment by tombert

8 years ago

I mean, is this new information? I always look at the upvotes on the package to see if it has been tested.

You should read the PKGBUILD, even on upgrades. In this case the bad guy took over an orphaned package (with 853 votes) and updated it. You could have looked at the upvotes 5 years ago and blindly upgraded to his new version last week.
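A small checker that operationalizes the advice above, added here as an example and not code from any commenter or from the AUR tooling: it compares the PKGBUILD you last built from with the newly fetched one and lists the things a reviewer would want to see before running makepkg on an adopted package (maintainer line changed, sources added on a new host, checksums replaced with SKIP, sources changed without a version bump, added lines that download outside the checksummed source= array). Both PKGBUILDs below are constructed samples for the example, not real AUR packages; the parser assumes simple bash syntax (one `name=value` per line, arrays in parentheses).

```python
import re
import difflib
from urllib.parse import urlparse

# Constructed sample: the PKGBUILD you last built from (your local copy). Not a real AUR package.
OLD_PKGBUILD = """\
# Maintainer: Original Maintainer <orig@example.invalid>
pkgname=examplepkg
pkgver=1.2.0
pkgrel=1
pkgdesc="Constructed example package"
arch=('x86_64')
url="https://example.invalid/examplepkg"
license=('MIT')
source=("https://example.invalid/releases/examplepkg-${pkgver}.tar.gz")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000')

package() {
  cd "$srcdir/examplepkg-$pkgver"
  install -Dm755 examplepkg "$pkgdir/usr/bin/examplepkg"
}
"""

# Constructed sample: the same package after it was adopted by a new maintainer.
NEW_PKGBUILD = """\
# Maintainer: New Adopter <adopter@example.invalid>
pkgname=examplepkg
pkgver=1.2.0
pkgrel=2
pkgdesc="Constructed example package"
arch=('x86_64')
url="https://example.invalid/examplepkg"
license=('MIT')
source=("https://example.invalid/releases/examplepkg-${pkgver}.tar.gz"
        "https://cdn.example.invalid/examplepkg-extras.tar.gz")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP')

package() {
  cd "$srcdir/examplepkg-$pkgver"
  install -Dm755 examplepkg "$pkgdir/usr/bin/examplepkg"
  curl -o "$pkgdir/usr/share/examplepkg/data.bin" https://cdn.example.invalid/data.bin
}
"""

NET_TOOL = re.compile(r"\b(curl|wget)\b")  # downloads that bypass source= are never checksummed


def _maintainer(text):
    """Return the '# Maintainer:' line value, or None if the PKGBUILD has none."""
    m = re.search(r"^#\s*Maintainer:\s*(.+)$", text, re.M)
    return m.group(1).strip() if m else None


def _scalar(text, name):
    """Return a scalar field such as pkgver=1.2.0 with surrounding quotes removed."""
    m = re.search(rf"^{name}=(.*)$", text, re.M)
    return m.group(1).strip().strip("\"'") if m else None


def _array(text, name):
    """Return the entries of a bash array field such as source=( ... ), which may span lines."""
    m = re.search(rf"^{name}=\((.*?)\)", text, re.M | re.S)
    return [e.strip("\"'") for e in m.group(1).split()] if m else []


def _source_hosts(entries):
    """Collect the download hosts named in a source= array (local files have none)."""
    hosts = set()
    for entry in entries:
        url = entry.split("::", 1)[-1]  # drop the optional "filename::" prefix
        if "://" in url:
            hosts.add(urlparse(url).hostname or url)
    return hosts


def _added_lines(old, new):
    """Lines present in the new PKGBUILD but not in the old one."""
    diff = difflib.unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0)
    return [l[1:] for l in diff if l.startswith("+") and not l.startswith("+++")]


def review_pkgbuild(old, new):
    """Return human-readable findings worth a look before building the new PKGBUILD."""
    findings = []
    old_m, new_m = _maintainer(old), _maintainer(new)
    if old_m != new_m:
        findings.append(f"maintainer changed: {old_m!r} -> {new_m!r}")
    old_src, new_src = _array(old, "source"), _array(new, "source")
    new_hosts = _source_hosts(new_src) - _source_hosts(old_src)
    if new_hosts:
        findings.append("new source host(s): " + ", ".join(sorted(new_hosts)))
    if old_src != new_src and _scalar(old, "pkgver") == _scalar(new, "pkgver"):
        findings.append("source= changed without a pkgver bump")
    for sums in ("sha256sums", "sha512sums", "b2sums", "md5sums"):
        if "SKIP" in _array(new, sums) and "SKIP" not in _array(old, sums):
            findings.append(f"{sums} now contains SKIP (a source is no longer verified)")
    for line in _added_lines(old, new):
        if NET_TOOL.search(line):
            findings.append("added line fetches from the network outside source=: " + line.strip())
    return findings


if __name__ == "__main__":
    for finding in review_pkgbuild(OLD_PKGBUILD, NEW_PKGBUILD):
        print("REVIEW:", finding)
```

In practice the two inputs are the PKGBUILD in your local AUR clone (or the helper's cache) before and after `git pull`; an empty findings list is not a clean bill of health, only a sign that none of these coarse signals fired, so the diff itself still gets read.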

Yeah, it would be better if the packages had all-time upvotes as well as “upvotes for this version”.

  • Honestly, I don't see this happening.

    Many packages use rolling versions from git commits, so while the PKGBUILDs don't get updated, any time a user re-runs makepkg on that PKGBUILD the latest commit is pulled and built.

    In those cases, a PKGBUILD might be months or years old, but still consistently up to date and valid.

Not a great idea. Upvotes don't really tell you shit about testing, quality, or trust. I mean, how many votes does acroread have (hint: a lot)? The votes are merely to give Arch some idea of how popular an AUR package is so that it can be absorbed officially. I have had a few of my AUR packages scooped up this way. Voting may indirectly indicate that the package is useful, but it doesn't say the thing doesn't contain malware, nor does it indicate that the script is poorly written for other reasons. I orphaned a few quite popular AUR entries with high vote counts. The counts don't magically go away, and at that point anybody on the internet is free to adopt it.