• Victor@lemmy.world
    11 hours ago

    Paru shows you the diffs by default.

    I just run paru when I do system upgrades. Very convenient to have one command doing everything in a somewhat safe way.

    Of course, inspecting the PKGBUILDs still doesn’t protect us from having the actual software repositories compromised. Just because only the source hash changed doesn’t mean the software doesn’t have malware now.

    That’s where I draw the line regarding trust. I don’t feel like going into each release of each AUR package I have installed to check code to see if malware was injected. 😅