Why would you trust the AUR?


open sores

Because it's literally the same thing as building packages on your own if you look at the pkgbuilds. Verify the dependency sources and you're fine.

I wouldn't, I have no interest in becoming a part of some script-kiddie's botnet

You're reading the source code before you install?

Learn how to read scripts

If a package is updated I trust it

And why would you assume I can't?

If you're a long time user and you're familiar with who the package maintainers are, it's fine. If you're new to Arch or a derivative, it's kind of dangerous. For example, you're looking for a printer driver and the manufacturer isn't putting things directly into the AUR, so you're running a port done by some random with no way to validate it unless you actually read the scripts and code.

Because you can't audit install scripts

That's a wrong-headed conclusion

I don't. I always use quality packages that are built by trusted maintainers and audited by other developers.

Nope

This guy gets it.

No, but somebody must've. Right?

Might as well if you're already trusting an OS made and maintained by random neckbeards on the Internet.

still better than trusting pajeet.

I know how to read pkgbuilds so I have no issues with it

how do you read a pkgbuild anonkun?

In the AUR

because

also thehackernews.com/2016/08/linux-tcp-packet-hacking.html

Prajeet it's been fixed before you even knew. Stop trying this hard and fix your uefi

>implying

That chart is intentionally manipulated to make Microsoft look bad. It compares top 50 products, so the 50 most exploitable Microsoft products are compared to the top 50 Linux products, which is just Linux. However, I don't doubt that there are more vulnerabilities in Windows, just that this chart is intentionally manipulative.

because I understand how PKGBUILDs work

1. There is a voting system, so if someone finds malicious code, it will get reported
2. I can read the pkgbuild, it is usually very short and easy to read, so why wouldn't I?
3. It is no more unsafe than compiling from source myself, this is just more convenient.
4. I don't use it for everything.
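An added example, not part of any post in this thread: what "reading the PKGBUILD" can look like as a first-pass static check before the manual read. The function names, finding codes and the sample PKGBUILD are constructed for illustration; the script only flags lines for review and does not replace reading the file and any `.install` script it names.

```shell
#!/bin/sh
# Added example: static review aid for a PKGBUILD. It reads the file as text and
# never sources it, because sourcing a PKGBUILD already runs the code in it.

audit_pkgbuild() {  # $1 = path to a PKGBUILD; prints one finding code per line
    body=$(grep -Ev '^[[:space:]]*#' "$1" || true)  # drop comment lines
    has() { printf '%s\n' "$body" | grep -Eq "$1"; }
    # SKIP turns verification off; normal for VCS sources, a red flag for tarballs.
    if has "['\"]SKIP['\"]"; then echo SKIP_CHECKSUM; fi
    # Plain-text transports let the download be altered in transit.
    if has '(http|ftp|git)://'; then echo INSECURE_SOURCE; fi
    # install= names a separate script that pacman runs as root; read it as well.
    if has '^[[:space:]]*install='; then echo INSTALL_SCRIPT; fi
    # Fetching code and piping it to a shell bypasses source=() and its checksums.
    if has '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([^[:alnum:]_]|$)'; then
        echo PIPE_TO_SHELL
    fi
}

write_sample_pkgbuild() {  # $1 = output path; constructed sample, not a real package
    cat > "$1" <<'EOF'
pkgname=printer-driver-example
pkgver=1.0
pkgrel=1
arch=('x86_64')
source=("http://downloads.example.invalid/driver-$pkgver.tar.gz")
sha256sums=('SKIP')
install=printer-driver-example.install
build() {
  cd "driver-$pkgver"
  make
}
package() {
  cd "driver-$pkgver"
  make DESTDIR="$pkgdir" install
}
EOF
}

# Stand-alone run: audit the constructed sample and print the findings.
sample=$(mktemp)
write_sample_pkgbuild "$sample"
audit_pkgbuild "$sample"
rm -f "$sample"
```
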

This is why you should use Debian or Ubuntu. Having a company responsible makes the risk low.

*place for friendly reminder about one big company fucking up secure boot*

I can't unsee the fat man.

Yeah right lol a build breaks and it's probably like a 2 line syntax change with verbose instructions on how to fix it and AUR is full of 40 skiddy comments on how to install and link old versions of GCC to fix it.

That is a great question, but a better one is why would you trust anyone? For all you know even appstore apps in OSX contain malware. You can't know anything outside yourself, hence you can't trust anything.

>I use Arch Linux