Then learn to read the diffs. Most of the time they are changing the version number and package hash which is mundane and nothing to worry about. If more than that changed then that should make you curious why and dig deeper.
Right, and I’m saying that a lot of updates are mundane and easy for anyone to read. And if they aren’t mundane then look into it. Try to learn. The alternative is to run code you don’t understand and hope for the best which didn’t work out for people here. So if you don’t want to try to learn, and you don’t want to blind trust, then the alternative is to not use the AUR.
Like one of the attack vectors was adding a “post install” step that was a bunch of obsfucated gibberish which should’ve been a red flag for anyone, technical acumen or not
Then learn to read the diffs. Most of the time they are changing the version number and package hash which is mundane and nothing to worry about. If more than that changed then that should make you curious why and dig deeper.
I know how, I’m just saying, not everyone has the technical acumen.
Right, and I’m saying that a lot of updates are mundane and easy for anyone to read. And if they aren’t mundane then look into it. Try to learn. The alternative is to run code you don’t understand and hope for the best which didn’t work out for people here. So if you don’t want to try to learn, and you don’t want to blind trust, then the alternative is to not use the AUR.
Like one of the attack vectors was adding a “post install” step that was a bunch of obsfucated gibberish which should’ve been a red flag for anyone, technical acumen or not