Comment by Latty

> this is a fundamental problem with the security model of Arch Linux

And with every other OS that isn't locked down so the user can't run arbitrary stuff.

The AUR is just the arch equivalent of downloading a `.exe` installer and running it. Yes, clearly there are security concerns there, but they aren't specific to Arch.

If you want a level of trust, then don't build AUR packages and install things using the package manager (AUR packages aren't supported by it) which have trusted maintainers and are signed.