• GameEngineer@infosec.pub
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    2
    ·
    24 days ago

    Sorry if I was unclear. You usually don’t inspect the install scripts for official packages since you put the trust in the official team. You don’t trust(or at least shouldn’t) AUR packages, hence you should inspect the install script for those packages. I don’t really see what the alternative would be.

    • BlackLaZoR@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      7
      ·
      24 days ago

      Well, the alternative would be for moderation team to inspect them, with clear signaling of which scripts are trusted and which aren’t.

      • Kazel@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        23 days ago

        if you dufus can’t read a pkgbuild DON’T USE THE AUR might also keep the shell closed