by Matl 4 days ago
Some things I try to check for:

- sources array has sources that don't correlate to the package name/purpose or are from strange places, like github repos that don't seem relevant etc.

- extensive post install scripts suggesting it's doing a lot more than is normal

But those are very crude, I wonder if an AUR helper could optionally consult a local LLM to review a PKGBUILD before installing these days...

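A small checker along the lines of the two heuristics in the post, written here as an added example (not code from the thread or from any AUR helper); the PKGBUILD it reads is constructed, and its field/array parsing is a deliberately simplified stand-in for what makepkg does.

```python
import re
from urllib.parse import urlparse

# Constructed sample PKGBUILD (not a real AUR package), embedded so this runs offline.
SAMPLE_PKGBUILD = """\
pkgname=fooutil
pkgver=1.2.0
url="https://github.com/fooorg/fooutil"
install=fooutil.install
source=("https://github.com/fooorg/fooutil/archive/v$pkgver.tar.gz"
        "helper.sh::https://raw.githubusercontent.com/someone-else/dotfiles/main/x.sh"
        "https://example.net/dl/blob.bin")
"""


def parse_fields(text):
    """Pull simple scalar assignments plus the source=() array out of a PKGBUILD.

    Assumption: no shell expansion is done, so $pkgver stays literal in the URLs.
    """
    fields = {}
    for m in re.finditer(r'^(\w+)=("?)([^"\n(]+)\2\s*$', text, re.M):
        fields[m.group(1)] = m.group(3)
    arr = re.search(r'^source=\((.*?)\)', text, re.S | re.M)
    items = re.findall(r'''"([^"]+)"|'([^']+)'|(\S+)''', arr.group(1)) if arr else []
    fields['source'] = [a or b or c for a, b, c in items]
    return fields


def review_pkgbuild(fields):
    """Return human-readable findings for the two heuristics from the post."""
    pkgname = fields.get('pkgname', '').lower()
    home = urlparse(fields.get('url', ''))
    findings = []
    for entry in fields.get('source', []):
        src = entry.split('::', 1)[-1]          # "localname::url" -> url
        p = urlparse(src)
        if not p.scheme:                        # local file (patch, .desktop): skip
            continue
        # Heuristic only: a URL under the project's own host/path can still serve
        # content that was never part of that project, so this is a prompt to look.
        same_project = p.netloc == home.netloc and p.path.startswith(home.path)
        mentions_name = bool(pkgname) and pkgname in src.lower()
        if not (same_project or mentions_name):
            findings.append(f"source unrelated to {pkgname} / {home.netloc}: {src}")
    if 'install' in fields:
        findings.append(f"ships an install script ({fields['install']}): read it first")
    return findings


if __name__ == "__main__":
    for line in review_pkgbuild(parse_fields(SAMPLE_PKGBUILD)):
        print(line)
```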

> like github repos that don't seem relevant

I wouldn't necessarily trust a repo that does seem relevant either. It's trivial to put any data you want at a URL which, at a glance, appears to legitimately belong to any repo you can fork.