ptx an hour ago

> For every single update, for all your AUR packages, all the time.

Yes, that's what I used to do when I ran Arch. It's usually easy. The PKGBUILD is usually small to begin with and the difference for a new version should normally be something like the URL and the version number and not much else, so you can just diff it against the old version.

streb-lo 23 minutes ago | parent | next [-]

paru presents all PKGBUILD diffs to you before installing; that's what I use to read them.

I usually only use AUR to install trusted pre-compiled binary packages; the scripts are very simple and the only thing that should ever change is the URL and the sha256.
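
The review habit described in the two comments above (diff the new PKGBUILD against the old one and expect only the version, URL and checksum to move), sketched as an added example that is not part of the original comments or of paru. The block splitter is a heuristic, and the allowlist, function names and sample PKGBUILDs are assumptions constructed for illustration.

```python
import re

# Blocks a routine version bump is expected to touch (version, URL, checksum,
# as the comments above describe); any other changed block needs a manual read.
EXPECTED = re.compile(r"pkgver|pkgrel|(source|sha256sums)(_\w+)?")
START = re.compile(r"^([A-Za-z_]\w*)\s*(=|\(\)\s*\{)")

def split_blocks(text):
    """Heuristically group a PKGBUILD into named top-level blocks."""
    blocks, name, closer = {}, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if closer is None:
            if not stripped or stripped.startswith("#"):
                continue  # blank lines and comments never execute
            m = START.match(line)
            if m is None:
                name = "<top-level command>"  # code outside any function
            elif m.group(2) == "=":
                name, rest = m.group(1), line[m.end():]
                if rest.startswith("(") and ")" not in rest:
                    closer = ")"  # multi-line array continues below
            else:
                name = m.group(1) + "()"
                if not stripped.endswith("}"):
                    closer = "}"  # function body continues below
        elif (closer == "}" and line.rstrip() == "}") or (closer == ")" and ")" in line):
            closer = None
        blocks[name] = blocks.get(name, "") + line + "\n"
    return blocks

def unexpected_changes(old, new):
    """Names of changed blocks that are not on the expected list, sorted."""
    a, b = split_blocks(old), split_blocks(new)
    return sorted(k for k in a.keys() | b.keys()
                  if a.get(k) != b.get(k) and not EXPECTED.fullmatch(k))

# Constructed sample PKGBUILDs (placeholder URL and checksums).
OLD = """pkgname=example-bin
pkgver=1.2.0
pkgrel=1
source=("https://example.invalid/example-${pkgver}.tar.gz")
sha256sums=('OLD_SHA256_PLACEHOLDER')
package() {
  install -Dm755 example "$pkgdir/usr/bin/example"
}
"""
BUMP = OLD.replace("1.2.0", "1.3.0").replace("OLD_SHA", "NEW_SHA")
ODD = BUMP.replace("pkgrel=1\n", "pkgrel=1\ninstall=example.install\n").replace(
    "}\n", '  install -Dm644 extra.conf "$pkgdir/etc/extra.conf"\n}\n')
```

`unexpected_changes(OLD, BUMP)` returns an empty list, while `unexpected_changes(OLD, ODD)` names the new `install` hook and the edited `package()` body as the parts to read before building.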

hootz an hour ago | parent | prev [-]

I do it too, but I can see why this can be a problem for users. There should be an "official" scan for potentially malicious changes. I use a third-party AUR scanner to help me with this.

MMMaellon 28 minutes ago | parent [-]

What third-party scanner do you use?