I wonder percentage of Arch users are actually capable of verifying that an AUR package is safe to install.
I doubt that the number is very high, especially with the growing popularity of the distro
In my case you can unironically blame Valve. I wanted an Arch-based distro to stay as close to SteamOS as possible but I have an nvidia GPU for the foreseeable future (unless I win the lottery or something).
It’s a USER repository, where you literally download install files from unverified strangers.
There’s a reason all the AUR helpers prompt you to verify all the files before they will build or install anything.
I wonder percentage of Arch users are actually capable of verifying that an AUR package is safe to install. I doubt that the number is very high, especially with the growing popularity of the distro
These days it’s very small. Most people just wanna use Arch because it’s cool.
While I do wholeheartedly think it’s by far the best distro, I also frequently recommend Mint for newbies if they don’t enjoy learning on their own.
In my case you can unironically blame Valve. I wanted an Arch-based distro to stay as close to SteamOS as possible but I have an nvidia GPU for the foreseeable future (unless I win the lottery or something).
Try CachyOS or just do like me and use their repo + kernel on Arch
Oh yeah that’s what I’m using. Thanks though!
This! 👆
It’s still hosted on archlinux.org.
However “YMMV” the scripts are intended to be, they can’t host throngs of malware on their domain.
…Well, I guess they could if they want to become the next npm, but it still seems like a legal liability.
I’m not saying it should be taken down, but the status quo is definitely no longer acceptable.
THANK YOU!