Maybe maintenance of packages shouldn’t just be handed over to newly created accounts. This is a design flaw on AUR’s part.
That is the whole purpose of AUR, users can create and share packages with minimum fuss. That does not mean that it is a good idea to run the code of some random guy on your computer.
But open source has always worked like that, by code sharing and collaboration - on tapes, on FTP servers, on Sourceforge or github and today on codeberg. The way the Arch User Repository (this is AUR spelled out) makes this easy is great!
Just don’t run random code that you don’t understand, and cannot reasonably trust.
Just don’t run random code that you don’t understand
I don’t understand any code so does that mean I shouldn’t use any software? that is 99% of the world.
whole purpose of AUR, users can create and share packages with minimum fuss
This doesn’t take away responsibility away from the Arch team. I can manually review pkgbuilds all day trying to understand no problem but expecting the user to do it every update is stupid. At some point the user will just start to trust that package maintainer. I already mentioned few steps that the Arch team can take in a comment below.
I am not talking about the code. I am talking there are basically zero security measures.
Edit:
Demanding to do more work from volunteers which already do a lot of work for free is rude. If you want something done - do it yourself
Then don’t make the platforms in the first place. This is such a stupid argument. It’s like someone creating a nuke but then ignoring the security measures and telling the rest of the people to take care of it. Genius. Should stop asking people to switch over to Linux as well then. Might as well I should just start bad mouthing and defaming Linux because users are left on their own by a hostile community.
Without the AUR Arch becomes a third world country distro because the official repos have only the basics.
Arch has 17,000 packages and is one of the largest distros. If you want more, you can use Debian, (or maybe NixOS, but you won’t get the same quality).
That is the whole purpose of AUR, users can create and share packages with minimum fuss. That does not mean that it is a good idea to run the code of some random guy on your computer.
But open source has always worked like that, by code sharing and collaboration - on tapes, on FTP servers, on Sourceforge or github and today on codeberg. The way the Arch User Repository (this is AUR spelled out) makes this easy is great!
Just don’t run random code that you don’t understand, and cannot reasonably trust.
I don’t understand any code so does that mean I shouldn’t use any software? that is 99% of the world.
This doesn’t take away responsibility away from the Arch team. I can manually review pkgbuilds all day trying to understand no problem but expecting the user to do it every update is stupid. At some point the user will just start to trust that package maintainer. I already mentioned few steps that the Arch team can take in a comment below.
The Arch team is not responsible for this code.
And to add, demanding to do more work from volunteers which already do a lot of work for free is rude. If you want something done - do it yourself.
I am not talking about the code. I am talking there are basically zero security measures.
Edit:
Then don’t make the platforms in the first place. This is such a stupid argument. It’s like someone creating a nuke but then ignoring the security measures and telling the rest of the people to take care of it. Genius. Should stop asking people to switch over to Linux as well then. Might as well I should just start bad mouthing and defaming Linux because users are left on their own by a hostile community.
Not from AUR.
Without the AUR Arch becomes a third world country distro because the official repos have only the basics.
Arch has 17,000 packages and is one of the largest distros. If you want more, you can use Debian, (or maybe NixOS, but you won’t get the same quality).
And what do you need so many packages for?
Zen Browser, Elecwhat (Whatsapp – which is recommended in Arch Wiki), Razer peripherals drivers, heroic games launcher.