• @okamiueru
    link
    210 months ago

    If you’re actually vetting PKGBUILD, I don’t think there is a single one I’ve installed that doesn’t download some blob. There is no way of knowing if it’s OK, unless you also sift through that. I don’t think anyone does. I certainly don’t.

    • @Deckweiss
      link
      1
      edit-2
      10 months ago

      Most of mine download source and compile it or plain scripts like python/bash and move them some place.

      If it is a -bin, I check the url and checksum to be sure that it comes from the official source and obviously I do not install software from companies that I do not trust. (and yes, every update. I have a dedicated timeslot in my calendar for that)

      I don’t know what type of blob you mean which would require any additional treatment like.