by helterskelter
3 days ago
This is why I avoid AUR, it's too easy to become complacent. If I really want something from AUR I literally just look at the PKGBUILD for compilation instructions and do it manually by myself, but if it's got so many patches or dependencies that I can't go through them all by hand I just find another solution or do without. This is also why I really dislike a lot of modern languages with automated fetching of dependencies. It really fosters a sloppy attitude toward your supply chain because it's just too damned convenient. With a reasonably sized Go project for instance, you may be pulling in code from dozens of different git repos. It only takes one compromised repo or malicious package to sink the ship.