WhyNotHugo 2 hours ago

This is one of the aspects of AUR which never fully convinced me: it purely hosts user-generated content, there's no review process or the like.

I'd really prefer to see a model where a 'community' repository contains user-submitted packages which have at least one Trusted User review the package before it's merged in. This doesn't just prevent malware, but also common mistakes in general.

kpcyrd 2 hours ago | parent | next [-]

This is essentially what the [extra] repository is. Not using the AUR and sticking to official Arch Linux packages exclusively is a very valid and reasonable choice (that I follow myself actually).

A large number of "an Arch Linux update broke my system" is very likely due to incorrect AUR use that AUR helpers don't handle for you. There's an elaborate writeup here from just 2 months ago: https://lists.archlinux.org/archives/list/arch-dev-public@li...

WhyNotHugo an hour ago | parent [-]

Unless things have changed in recent times, packages in [extra] are maintained by TUs. Random users can't submit packages.

carols10cents an hour ago | parent | prev [-]

How does a user become a Trusted User? Who is paying them to review everything?