2 comments

[ 0.19 ms ] story [ 18.6 ms ] thread
I'm surprised how few domains used in the AUR have actually expired.

I wonder what the numbers would look like if you could see the email address of every contributor and start checking the email domains.

That is an interesting question!

I did a quick search to get a rough answer. Many maintainers/contributors try to obfuscate their email address against this type of parsing, which adds a margin of error.

I was able to find 249 expired domains (used in 626 packages) that are used in a maintainer or contributor email address. Some of these are obvious fakes (e.g. bigbrothergoogle.com), so I reckon the real number is somewhere around the 200 domains.

Of the packages that I checked (manually), many are already orphaned. Some contributors will be listed because they have contributed in the past, but do not have contribution permissions anymore. So how many of these domains will lead to an actual package takeover, will most likely be much lower.