[Tharre]

Any and all modifications to PKGBUILDs may download something and execute it, that's the very purpose of PKGBUILDs, to download and install new software. I'm sure it would be great to have trusted reviewers look over every update, but the simple reality is that all of this work is done by volunteers and there isn't nearly enough manpower for it.

Maybe doing automated LLM reviews would help, but this is a large infrastructure investment. And it's not clear that it helps at all, after all models are quite vulnerable to prompt-injection type attacks.

[porridgeraisin]

I have LLM operate yay on my machine before installing and read PKGBUILDs and summarise it for me and I look through the weird ones and only then do the actual upgrade. Maybe we can make an aur helper that is wired up to deepseek :D

[tetromino_]

> Any and all modifications to PKGBUILDs may download something and execute it

A normal PKGBUILD should not download anything programmatically. It should rely on the package manager to download the files listed in the PKGBUILD's source array. If a PKGBUILD is running a command to download something not listed in source, that's a sign that something nefarious could be happening, and such a PKGBUILD absolutely requires careful human review.

> all models are quite vulnerable to prompt-injection type attacks

A less than 100% reliable mechanism sure beats the current situation which is "wait for users report on the forum that they have been pwn3d". May I remind that this is the third time AUR-hosted PKGBUILDs have been compromised?

[Hackbraten]

> A normal PKGBUILD should not download anything programmatically. It should rely on the package manager to download the files listed in the PKGBUILD's source array.

This is generally not true. Look at a PKGBUILD of:

- any Node.js package. You'll see that the `prepare` step downloads the entire transitive dependency tree from NPM. (This is because it has a massive number of leaves and no system package maintainer can curate them all (let alone resolve each one to a single version that works across all dependees).

- any Rust program. Rust uses static linking, so publishing a system-level package for each library would be pointless. Therefore, during `prepare`, `cargo fetch` it is.

> A less than 100% reliable mechanism sure beats the current situation which is "wait for users report on the forum that they have been pwn3d". May I remind that this is the third time AUR-hosted PKGBUILDs have been compromised?

Are you going to pay the monthly token bill?

[Tharre]

> If a PKGBUILD is running a command to download something not listed in source, that's a sign that something nefarious could be happening, and such a PKGBUILD absolutely requires careful human review.

First, although I don't disagree with that being how it should work, in a world where everyone relies on npm, cargo, etc. to handle dependencies this scenario is not realistic.

Second and more importantly, it doesn't really change much if it's listed in the sources or not. You can patch a startup file to download something as soon as the program is executed, including checks if it's currently running in a virtual environment. You cannot statically detect that the PKGBUILD contains something like that, antivirus software has been trying to do just that for decades and their detection is still basically useless.

> A less than 100% reliable mechanism sure beats the current situation which is "wait for users report on the forum that they have been pwn3d".

The current situation is users are expected to review PKGBUILDs before they install them. And you're ignoring that implementing any mechanism has a cost. I don't know if it's worth it or not, but it's not unrealistic that it would be a ton of effort for no barely any gain.

[seba_dos1]

> in a world where everyone relies on npm, cargo, etc.

Only certain niches do. No Debian package can connect to the Internet while being built, and the Debian Archive contains vast amounts of software that makes a computer useful.

Reliance on npm, cargo, etc. makes it harder to package certain things, but in general they're the exception rather than the rule.