• Flaky@iusearchlinux.fyi
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        8 months ago

        Agreed. There has been cases of malware sneaking its way into the AUR.

        Now it could be avoided by checking PKGBUILDs and I can trust that the reader is checking those (are you, reader? 🤨). But do you have that trust for every user?

        I prefer Void Linux’s way of handling packages, where it all goes through one ultimately trusted git repo that gets packaged up if the license allows it, otherwise using xbps-src. If it was a bit less DIY compared to Arch I’d be hopping onto it tbh.

    • mlg@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      See Fedora has COPR which is like AUR if it were a version specific dead mall which 50% of the time makes you compile from source anyway lol