this post was submitted on 28 Feb 2024
-27 points (36.6% liked)
Linux
48376 readers
1701 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
1 If you take an average AUR pkg and read its content (PKGBUILD) the procedure of building an arch like pkg is not very much unlike the practice of building and installing from source as in the old days. The difference is that when a new revision or need for patch, or rebuild due to fresh libraries/dependencies is necessary through your AUR helper you will be notified.
@constantokra
Yes. It is possible to verify what's going on. That's what I did when I used the aur. Do you think most people do that, or even look at see how many users are using the software? Or do you imagine they just install it blindly?
If you ever see a help video or article that suggests installing something from source, or run some script people generally tell the reader that they shouldn't just run random code without looking at it. I've never once seen anything that suggested people should check the pkgbuild. I don't have a problem with the aur. I just think it's not nearly as trustworthy as it's generally made out to be, and I don't think people generally understand that it might even be a concern, or that you can check the validity of the package yourself.
One out of five pkgs in AUR are so unmaintained they don't even build anymore.
Clieaning up junk is more urgent than screening what comes on.
@constantokra