You are not logged in.
Is downloading source code from AUR and ABS as secure as official repo? As far as I know, PKGBUILDs from AUR can be uploaded by anyone while ABS and official repo(extra, community etc...) can only be uploaded by authorized users.
Offline
I would venture that the official repositories are safer than the AUR. There are technical controls in place to ensure you run what the developers and TUs put in place. Anyone can put anything in the AUR. That is specifically why you should audit any AUR package before you install it. AUR packages could be deliberately belligerent, or they could suffer by having someone who is clueless writing them.
OTOH, I always audit things I load from the AUR. I never audit things from core, extra, or even community. I guess I trust the developers. I also guess I trust the TUs. Do you?
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
Thanks. Sounds like I can't install lots of packages without spending lots of time on it.
I would venture that the official repositories are safer than the AUR. There are technical controls in place to ensure you run what the developers and TUs put in place. Anyone can put anything in the AUR. That is specifically why you should audit any AUR package before you install it. AUR packages could be deliberately belligerent, or they could suffer by having someone who is clueless writing them.
OTOH, I always audit things I load from the AUR. I never audit things from core, extra, or even community. I guess I trust the developers. I also guess I trust the TUs. Do you?
Offline
Always read the PKGBUILD before running `makepkg`
Offline
[pedantic]Source code is never downloaded from the AUR or ABS, it's downloaded from the locations specified in the source array in the PKGBUILD.[/pedantic]
Last edited by Slithery (2016-01-23 12:23:08)
Offline