Why would you trust the AUR?

>>56035818
open sores

>>56035818
Because it's literally the same thing as building packages on your own if you look at the pkgbuilds. Verify the dependency sources and you're fine.

>>56035818
I wouldn't, I have no interest becoming a part of some script-kiddie's botnet

>>56035835
You're reading the source code before you install?

>>56035980
Learn how to read scripts

If a package is updated I trust it

>>56036077
And why would you assume I can't?

If you're a long time user and you're familiar with who the package maintainers are, it's fine. If you're new to Arch or a derivative, it's kind of dangerous. For example, you're looking for a printer driver and the manufacturer isn't putting things directly into the AUR, so you're running a port done by some random with no way to validate it unless you actually read the scripts and code.

>>56036100
Because you can't audit imstall scripts

>>56036174
That's a wrong-headed conclusion

>>56035818
I don't. I always use quality packages that build by trusted maintainer and audited by other developers.

>>56036215
Nope

>>56035980
This guy gets it.

>>56035985
No, but somebody must've. Right?

>>56035818
Might as well if you're already trusting an OS made and maintained by random neckbeards on the Internet.

>>56036958
still better than trusting pajeet.

>>56035818
I know how to read pkgbuilds so I have no issues with it

>>56037312
how do you read a pkgbuild anonkun?

>>56037383
In the AUR

>>56035818
because

also https://thehackernews.com/2016/08/linux-tcp-packet-hacking.html

>>56037595
Prajeet it's been fixed before you even knew. Stop trying this hard and fix your uefi

File: vulnerablities.jpg (90KB, 1200x676px) Image search: [Google]

90KB, 1200x676px

>>56037595
>implying

>>56039537
That chart is intentionally manipulated to make microsoft look bad. It compares top 50 products so the 50 most exploitable microsoft products are compated to the top 50 linux products which is just linux. However I don't doubt that there ate more vulnerabilities in windows, just that this chart is intentionally manipulative.

>>56035818
because I understand how PKGBUILDs work

>>56035818
1. There is a voting system, so if someone finds malicious code, it will get reported
2. I can read the pkgbuild, it is usually very short and easy to read, so why wouldn't I?
3. It is no more unsafe than compiling from source myself, this is just more convenient.
4. I don't use it for everything.

This is why you should use Debian or Ubuntu. Having a company responsible makes the risk low.

>>56040586
*place for friendly reminder about one big company fucking up secure boot*

>>56035818
I can't unsee the fat man.

>>56040544
Yeah right lol a build breaks and its probably like a 2 line syntax change with verbose instructions on how to fix it and AUR is full of 40 skiddy comments on how to install and link old versions of GCC to fix it.

>>56035818
That is great question but better one is why would you trust anyone? For all you know even appstore apps in OSX contain malware. You cant know anything outside yourself hence you cant trust anything.

File: Neckbeards.png (127KB, 345x337px) Image search: [Google]

127KB, 345x337px

>I use Arch Linux