• Ricaz@lemmy.dbzer0.com
    ↑ 28 · 4 days ago

    It’s a USER repository, where you literally download install files from unverified strangers.

    There’s a reason all the AUR helpers prompt you to verify all the files before they will build or install anything.

    • fruitcantfly@programming.dev
      ↑ 12 · 4 days ago

      I wonder what percentage of Arch users are actually capable of verifying that an AUR package is safe to install. I doubt that the number is very high, especially with the growing popularity of the distro.

      • Ricaz@lemmy.dbzer0.com
        ↑ 5 · 3 days ago

        These days it’s very small. Most people just wanna use Arch because it’s cool.

        While I do wholeheartedly think it’s by far the best distro, I also frequently recommend Mint for newbies if they don’t enjoy learning on their own.

        • kieron115@startrek.website
          ↑ 1 · 3 days ago

          In my case you can unironically blame Valve. I wanted an Arch-based distro to stay as close to SteamOS as possible but I have an nvidia GPU for the foreseeable future (unless I win the lottery or something).

    • brucethemoose@lemmy.world
      ↑ 3 · 3 days ago

      It’s still hosted on archlinux.org.

      However “YMMV” the scripts are intended to be, they can’t host throngs of malware on their domain.

      …Well, I guess they could if they want to become the next npm, but it still seems like a legal liability.

      I’m not saying it should be taken down, but the status quo is definitely no longer acceptable.