I maintain LyX and its plugins. Since the manifest is already built, the only work is updating the source code and ensuring nothing breaks. I'm not suggesting the development team take over repository maintenance; that would be their decision. What I'm suggesting is that someone on the team verify that there's no malicious intent in the package build. This involves monitoring the package build process through merge requests to the GitHub repository.
-- lyx-devel mailing list [email protected] https://lists.lyx.org/mailman/listinfo/lyx-devel
