[Feature] Guard package deletions
This is a feature request for post-port: guard package deletions more heavily.
https://lists.archlinux.org/pipermail/aur-general/2021-September/036555.html says it all.
I propose that we do not allow anybody to delete AUR packages for some time after a request for deletion is made. Additionally, we can notify users when their package has had a deletion request. This way, maintainers have some time to react and this kind of scenario can't happen.
We'd have to modify the Requests page to only show requests after the maintainer's window and add some more enforcement for this within the requests post actions.
Furthermore, this would overall reduce the amount of Requests that end up showing up for Trusted Users (hopefully).
Is this something people would like to see?
Changes in FastAPI; not yet released
- Now, when a user of any kind deletes a package, a PackageRequest is created as owned and accepted by that user automatically.
- All package deletions are now logged out from FastAPI: Which user deleted which package(s).
These two things will allow us to actually keep TUs accountable for their actions. However, I don't believe that even allowing TUs to do this ahead of a maintainer is a very nice system; so, that being said, this issue still needs to be spoken about by more than just @netsysfire and I.