Comment by westmeal
8 years ago
Doesn't everyone know AUR packages are inherently unsafe? If you wanted to make sure they weren't up to something you could read the PKGBUILD.
Given the design of most of the AUR "helpers" out there, I would guess that there are a non-trivial number of users who view the AUR as safe.
Yaourt shows a big fat red warning every time you install a package. It also offers to open PKGBUILD and .install files for inspection.
Yaourt is also unmaintained and unsafe. Please switch to something better.
https://wiki.archlinux.org/index.php/AUR_helpers#Active
It should just show the PKGBUILD every time. If it's not doing anything sketchy it's often only a dozen lines.
Honestly, no, not everyone knows this. Maybe when there was just Arch Linux and no spinoffs; but Manjaro provides an easy path to a rolling-release Arch(-like) distribution, and it treats AUR as a first-class citizen in its GUIs. I think there was a popup at some point when an application first accesses AUR that tells you that AUR is unsupported and to go to a wiki to understand it, but I think it could use better messaging. A warning at the header of the AUR section of the package manager GUI would be a good start.