|
|
|
|
|
|
by JeremyNT
1 day ago
|
|
|
> Or just avoid AUR helpers altogether and inspect/build the packages you need yourself from their PKGBUILDs directly. The AUR helpers actually make it easier to integrate the review step into your workflow IMO; they actively prompt to review and let you know when a change is present since you last accepted the risk. But "AUR considered harmful" is not a novel take. Everybody using it should understand the risk here, it's really just one step removed from curl/bash'ing something you found on StackOverflow. |
|
|