Then learn to read the diffs. Most of the time they are changing the version number and package hash which is mundane and nothing to worry about. If more than that changed then that should make you curious why and dig deeper.
Right, and I’m saying that a lot of updates are mundane and easy for anyone to read. And if they aren’t mundane then look into it. Try to learn. The alternative is to run code you don’t understand and hope for the best which didn’t work out for people here. So if you don’t want to try to learn, and you don’t want to blind trust, then the alternative is to not use the AUR.
Like one of the attack vectors was adding a “post install” step that was a bunch of obsfucated gibberish which should’ve been a red flag for anyone, technical acumen or not
You don’t need to be a developer to read diffs and package builds. I have memory and cognitive impairment and manage fine. I’m also not remotely into software programming.
Even if you aren’t a dev, any user that chooses to use the aur should do their due diligence. There is a reason why I prefer flatpacks over aur, I don’t want to have to check diff’s every update.
And if you’re not a developer?
Then don’t use an automatic AUR helper. Use chaotic aur if you must. Or use aurto
Then learn to read the diffs. Most of the time they are changing the version number and package hash which is mundane and nothing to worry about. If more than that changed then that should make you curious why and dig deeper.
I know how, I’m just saying, not everyone has the technical acumen.
Right, and I’m saying that a lot of updates are mundane and easy for anyone to read. And if they aren’t mundane then look into it. Try to learn. The alternative is to run code you don’t understand and hope for the best which didn’t work out for people here. So if you don’t want to try to learn, and you don’t want to blind trust, then the alternative is to not use the AUR.
Like one of the attack vectors was adding a “post install” step that was a bunch of obsfucated gibberish which should’ve been a red flag for anyone, technical acumen or not
You don’t need to be a developer to read diffs and package builds. I have memory and cognitive impairment and manage fine. I’m also not remotely into software programming.
Even if you aren’t a dev, any user that chooses to use the aur should do their due diligence. There is a reason why I prefer flatpacks over aur, I don’t want to have to check diff’s every update.