The canonical answer to any concerns with the AUR is always “just read the PKGBUILDs bro”
For every single update, for all your AUR packages, all the time.
You know that thing where if you make a security review feature obnoxious, after some time people will just accept everything without even looking? Yeah...
> For every single update, for all your AUR packages, all the time.
Yes, that's what I used to do when I ran Arch. It's usually easy. The PKGBUILD is usually small to begin with and the difference for a new version should normally be something like the URL and the version number and not much else, so you can just diff it against the old version.
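The diff-against-the-old-version check described in the comment above, as an added example that is not part of the original thread. The function names, the list of "routine" variables and the sample PKGBUILDs are assumptions constructed for illustration.

```python
import difflib
import re

# Assumption: on a plain version bump only these assignments change.
ROUTINE = re.compile(r"^\s*(pkgver|pkgrel|(sha|b2|md5)\d*sums(_\w+)?)=")
# A bare hex digest line inside a multi-line checksum array.
DIGEST = re.compile(r"^\s*'?[0-9a-f]{32,128}'?\s*\)?\s*$")


def _normalize(pkgbuild: str) -> list[str]:
    """Replace the literal version with $pkgver so versioned URLs compare equal."""
    m = re.search(r"^pkgver=['\"]?([^\s'\"]+)", pkgbuild, re.M)
    lines = pkgbuild.splitlines()
    if not m:
        return lines
    ver = m.group(1)
    return [l if l.startswith("pkgver=") else l.replace(ver, "$pkgver") for l in lines]


def lines_needing_review(old: str, new: str) -> list[str]:
    """Changed lines that are not part of a routine version/checksum bump."""
    flagged = []
    for line in difflib.ndiff(_normalize(old), _normalize(new)):
        if line[:2] not in ("+ ", "- "):
            continue  # skip unchanged lines and ndiff's '?' hint lines
        body = line[2:]
        if body.strip() and not ROUTINE.match(body) and not DIGEST.match(body):
            flagged.append(line)
    return flagged


# Constructed sample PKGBUILDs (not taken from any real AUR package).
OLD = """pkgname=examplepkg
pkgver=1.4.2
pkgrel=1
source=("https://example.org/dl/examplepkg-1.4.2.tar.gz")
sha256sums=('%s')
""" % ("a" * 64)
NEW_ROUTINE = OLD.replace("1.4.2", "1.5.0").replace("a" * 64, "b" * 64)
NEW_SUSPECT = NEW_ROUTINE.replace("example.org", "example.net") + "install=examplepkg.install\n"

if __name__ == "__main__":
    print("routine bump:", lines_needing_review(OLD, NEW_ROUTINE))
    print("needs review:", lines_needing_review(OLD, NEW_SUSPECT))
```

An empty result means the update changed only the version, release number and checksums; anything returned is what is left to read by hand.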
You are thinking of alarm fatigue[1], but it doesn't apply here -- there are no constant alerts warning that you are doing something dangerous to the point you get desensitized and start to ignore them. The correct analogy here is checklists -- things that you need to check if you are to do this "dangerous" activity (AUR usage), akin to a pre-flight checklist.
[1] https://en.wikipedia.org/wiki/Alarm_fatigue
Most people should just be using Debian stable really.