There’s been malware in the past, not only that - AUR is user submitted. It’s in the name. They warn you to double check what you’re installing. It is functionally similar to running a random installer you found on GitHub.
It seems like these instances are being intentionally blown out of proportion, but I don’t see what there is to gain by doing that.
I don’t want to say stupid things, but I have so many theories. I check the shit out of a package before installing it. I even go to the GitHub page and make sure of things.
It’s an obvious vector for malware, arch by default doesn’t come with it, and users have been warned the entire time to check pkgbuild. There’s nothing fishy, it’s just that arch has enough users to be worth it to hit it.
I smell something fishy going on. I’ve been using the AUR for a long time and I’m now just hearing of malware?
There’s been malware in the past, not only that - AUR is user submitted. It’s in the name. They warn you to double check what you’re installing. It is functionally similar to running a random installer you found on GitHub.
It seems like these instances are being intentionally blown out of proportion, but I don’t see what there is to gain by doing that.
So basically how Windows users have been acquiring their software for the last 30 years.
I don’t want to say stupid things, but I have so many theories. I check the shit out of a package before installing it. I even go to the GitHub page and make sure of things.
The AUR is made up of user packages
It isn’t crazy that malware made it in. It is very much a “user at your own risk.” Packages are reviewed but sometimes things slip in.
yeah, you get choice, and its better than a random closed exe in windows.
Some people have really odd expectations of “free” and “open”.
Is there a choosingbeggars community to repost this to?
Just make sure the aur wears a condom when it’s going to fuck you, like your mother told you.
It’s an obvious vector for malware, arch by default doesn’t come with it, and users have been warned the entire time to check pkgbuild. There’s nothing fishy, it’s just that arch has enough users to be worth it to hit it.