Un leones viviendo en Castilla

  • 0 Posts
  • 6 Comments
Joined 1 year ago
cake
Cake day: June 21st, 2023

help-circle

  • That is, you admit that most aur users delegate that function to other eyes instead of auditing the external code they are installing. A user repository outside of the official distribution repository is not a secure means of installing packages on the system, which may have root access to the system and the source code may change with each package update. Do you think that every time there is an update to a package that is not widely used, others will audit the source code for you? For that reason I stopped using Aur and by extension Arch, as their software catalog outside of aur is small.


  • Maragato@lemmy.worldtoLinux@lemmy.mlSo I installed Arch Linux... Is this it?
    link
    fedilink
    arrow-up
    12
    arrow-down
    7
    ·
    edit-2
    3 months ago

    Any major Linux distribution has a system for building packages, it’s not something special to Arch. In fact, Arch’s great advantage of the aur repository actually becomes a disadvantage by introducing instability and insecurity into your system when you add programs from that repository. It’s amazing that people criticize Windows security with .exe’s and then install packages from external repositories with the security of “trust in the repository”. How can you trust code with root access to the system just because it’s in the aur repository? That’s the main question I would ask Arch users.