Hacker News
by hurricanepootis 102 days ago
I wish Arch could learn some lessons from NixOS packaging. One thing that really bothers me about Arch is how many pain points there are in the packaging tooling. Furthermore, I wish AUR packagers used utilities like namcap and chroot building to check their packages before pushing their slop onto the AUR; whenever I use new software from the AUR, I check the PKGBUILD to see how well it was made.
2 comments

Compared to other Linux distributions' package tooling, Arch's is pretty nice and painless, I think.

Agreed with namcap/chroot - I think there should be even more mandatory checks on pushing stuff to AUR. But even so - regarding your last point: you absolutely need to check all PKGBUILDs from AUR or potentially get malware.

https://bertptrs.nl/2026/01/30/how-to-review-an-aur-package.... is a nice recent article by one of the maintainers that follows up on last year's AUR malware.

The final point sums it up, though: the AUR was built without the security mechanisms - technical and social - we want and need today.
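As an added illustration of the "check every PKGBUILD before you build it" point above, and not code from this thread, from the Arch project, or from the linked article: a small Python script that performs a few of the mechanical checks a reviewer would otherwise do by eye (integrity arrays set to SKIP on non-pinned sources, plain-http sources, git sources without a pinned commit, a network download piped straight into a shell, and sudo inside the build). The sample PKGBUILD text, the `example.invalid` host and the `review_pkgbuild` function are all constructed for the example; which patterns are worth flagging is my assumption, not Arch policy.

```python
"""Static review checks for an AUR PKGBUILD before building it.

Added example, not code from the thread or from Arch. It is a pre-build
reviewing aid only: it reads the PKGBUILD as text and never executes it,
so it complements (does not replace) building in a clean chroot.
"""
import re

# Constructed sample PKGBUILD with several reviewable problems.
SAMPLE_PKGBUILD = r"""
# Maintainer: Example Person <example@example.invalid>
pkgname=example-tool
pkgver=1.2.3
pkgrel=1
arch=('x86_64')
source=("http://example.invalid/${pkgname}-${pkgver}.tar.gz"
        "git+https://example.invalid/helper.git")
sha256sums=('SKIP'
            'SKIP')

build() {
  cd "$pkgname-$pkgver"
  curl -fsSL https://example.invalid/setup.sh | sh
  make
}

package() {
  cd "$pkgname-$pkgver"
  make DESTDIR="$pkgdir" install
}
"""

# Constructed sample with the same layout done acceptably: https tarball
# with a (placeholder) checksum, git source pinned to a commit hash.
CLEAN_PKGBUILD = r"""
pkgname=example-tool
pkgver=1.2.3
source=("https://example.invalid/example-tool-1.2.3.tar.gz"
        "git+https://example.invalid/helper.git#commit=0123456789abcdef0123456789abcdef01234567")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP')
build() {
  make
}
"""


def _bash_array(text, name):
    """Return the quoted items of a bash array assignment `name=(...)`.

    Handles only the simple quoted-list form most PKGBUILDs use; anything
    built dynamically would need to be reviewed by hand anyway.
    """
    m = re.search(rf"^{name}=\((.*?)\)", text, re.S | re.M)
    if not m:
        return []
    return re.findall(r"""['"]([^'"]*)['"]""", m.group(1))


def review_pkgbuild(text):
    """Return a list of human-readable findings for one PKGBUILD text."""
    findings = []
    sources = _bash_array(text, "source")
    for src in sources:
        url = src.split("::", 1)[-1]  # drop the optional "localname::" prefix
        if url.startswith("http://"):
            findings.append(f"plain-http source: {url}")
        if url.startswith("git+") and "#commit=" not in url and "#tag=" not in url:
            findings.append(f"unpinned git source: {url}")
    for arr in ("sha256sums", "sha512sums", "b2sums", "md5sums"):
        for i, val in enumerate(_bash_array(text, arr)):
            if val != "SKIP":
                continue
            src = sources[i] if i < len(sources) else ""
            if src.startswith("git+") and "#commit=" in src:
                continue  # a commit hash already fixes the fetched content
            findings.append(f"{arr}[{i}] is SKIP (no integrity check)")
    # A download piped into a shell inside any function body.
    if re.search(r"\b(curl|wget)\b[^\n|]*\|\s*(ba)?sh\b", text):
        findings.append("network download piped into a shell in build steps")
    if re.search(r"^\s*sudo\b", text, re.M):
        findings.append("sudo invoked inside PKGBUILD")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_PKGBUILD), ("clean", CLEAN_PKGBUILD)):
        print(f"{label}: {len(review_pkgbuild(text))} finding(s)")
        for f in review_pkgbuild(text):
            print("  -", f)
```

A finding is a prompt to read that part of the PKGBUILD closely, not an automatic verdict: SKIP on a commit-pinned git source is legitimate, which is why the checker lets it through, and a clean run says nothing about what the upstream tarball itself contains.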

Back when I used Arch, I would use aurutils which has a flag for building the packages in a chroot. It won't prevent bad PKGBUILDs from being written, but at least they'll fail to build on your machine! aurutils was also nice since it creates a regular pacman repo, so you end up installing the final built packages the same way you install any other package.