Why would you trust the AUR?
Why would you trust the AUR?
Other urls found in this thread:
thehackernews.com
twitter.com
open sores
Because it's literally the same thing as building packages on your own if you look at the pkgbuilds. Verify the dependency sources and you're fine.
I wouldn't, I have no interest becoming a part of some script-kiddie's botnet
You're reading the source code before you install?
Learn how to read scripts
If a package is updated I trust it
And why would you assume I can't?
If you're a long time user and you're familiar with who the package maintainers are, it's fine. If you're new to Arch or a derivative, it's kind of dangerous. For example, you're looking for a printer driver and the manufacturer isn't putting things directly into the AUR, so you're running a port done by some random with no way to validate it unless you actually read the scripts and code.
Because you can't audit imstall scripts
That's a wrong-headed conclusion
I don't. I always use quality packages that build by trusted maintainer and audited by other developers.
Nope
This guy gets it.
No, but somebody must've. Right?
Might as well if you're already trusting an OS made and maintained by random neckbeards on the Internet.
still better than trusting pajeet.
I know how to read pkgbuilds so I have no issues with it
how do you read a pkgbuild anonkun?
In the AUR
Prajeet it's been fixed before you even knew. Stop trying this hard and fix your uefi
>implying
That chart is intentionally manipulated to make microsoft look bad. It compares top 50 products so the 50 most exploitable microsoft products are compated to the top 50 linux products which is just linux. However I don't doubt that there ate more vulnerabilities in windows, just that this chart is intentionally manipulative.
because I understand how PKGBUILDs work
1. There is a voting system, so if someone finds malicious code, it will get reported
2. I can read the pkgbuild, it is usually very short and easy to read, so why wouldn't I?
3. It is no more unsafe than compiling from source myself, this is just more convenient.
4. I don't use it for everything.
This is why you should use Debian or Ubuntu. Having a company responsible makes the risk low.
*place for friendly reminder about one big company fucking up secure boot*
I can't unsee the fat man.
Yeah right lol a build breaks and its probably like a 2 line syntax change with verbose instructions on how to fix it and AUR is full of 40 skiddy comments on how to install and link old versions of GCC to fix it.
That is great question but better one is why would you trust anyone? For all you know even appstore apps in OSX contain malware. You cant know anything outside yourself hence you cant trust anything.
>I use Arch Linux