• @ikidd
      49
      8 months ago

      I love the AUR as much as the next guy, but audited, it ain’t.

      • @[email protected]
        5
        8 months ago

        Agreed. There have been cases of malware sneaking its way into the AUR.

        Now it could be avoided by checking PKGBUILDs and I can trust that the reader is checking those (are you, reader? 🤨). But do you have that trust for every user?

        I prefer Void Linux’s way of handling packages, where it all goes through one ultimately trusted git repo that gets packaged up if the license allows it, otherwise using xbps-src. If it was a bit less DIY compared to Arch I’d be hopping onto it tbh.

    • @mlg
      28 months ago

      See Fedora has COPR which is like AUR if it were a version specific dead mall which 50% of the time makes you compile from source anyway lol