Comment by Skunkleton
8 years ago
Given the design of most of the AUR "helpers" out there, I would guess that there are a non-trivial amount of users who view the AUR as safe.
8 years ago
Given the design of most of the AUR "helpers" out there, I would guess that there are a non-trivial amount of users who view the AUR as safe.
Yaourt shows a big fat red warning every time you install a package. It also offers to open PKGBUILD and .install files for inspection.
Yaourt is also unmaintained and unsafe. Please switch to something better.
https://wiki.archlinux.org/index.php/AUR_helpers#Active
Oh wow. I was not aware, thanks for letting me know!
It should just show the PKGBUILD every time. If it's not doing anything sketchy it's often only a dozen lines.
aurman does a good job. It caches the old PKGBUILD and lets you view diffs. Still, reviewing a PKGBUILD is a non-trivial process.
1 reply →