As an arch user, I would always skim the PKGBUILD file of AUR packages to see if they install the software they claim to install from official sources and if there's something obviously fishy.

▲

naturalmovement 2 hours ago | parent | next [-]

The BSDs prevent this by never having allowed random jamokes to upload Makefiles into the ports system.

	▲	embedding-shape 2 hours ago \| parent [-]
		Yeah, I've prevented this locally too by never building such a platform in the first place, always the best solution! Jokes aside and just in case, you do realize ports and AUR have two very different models? Ports is more similar to the official Arch repositories, which obviously doesn't suffer from the same problem, and AFAIK, there is no BSD-equivalent of AUR. BSD is cool and useful for lots of reasons, but comparisons based on misunderstandings helps no one :)

▲

echelon_musk 3 hours ago | parent | prev [-]

I'd be surprised if you did it as a Debian user!