• BlackLaZoR@lemmy.world
    23 days ago

    You’re missing the point entirely. I’m talking about inspecting the scripts, not about making packages.

    • GameEngineer@infosec.pub
      22 days ago

      Sorry if I was unclear. You usually don’t inspect the install scripts for official packages since you put the trust in the official team. You don’t trust (or at least shouldn’t) AUR packages, hence you should inspect the install script for those packages. I don’t really see what the alternative would be.

      • BlackLaZoR@lemmy.world
        22 days ago

        Well, the alternative would be for the moderation team to inspect them, with clear signaling of which scripts are trusted and which aren’t.

        • Kazel@lemmy.dbzer0.com
          22 days ago

          if you dufus can’t read a pkgbuild DON’T USE THE AUR might also keep the shell closed