HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
1·2 days ago
Yeah you can go with Nix then.
But it is not by chance that Linux is based on Open Source hardware support. The alternative is something like MacOS.
I think bugs from library/version incompatibilities are often hard to recognize.
If you are a long-term Windows user, you already know what it looks like - it is called “DLL Hell”.
HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
1·2 days ago
Nah, Guix is dead simple to use. I even trained my pet octopus to build Guix packages after it got bored with the underwater piano :)
HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
1·2 days ago
Did you TeX 3.14159265359?
HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
4·2 days ago
Don’t forget that all the Arch users are doing a good part of that testing, too. Arch is a boon to Linux in general.
HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
1·2 days ago
I never said that GitHub was better.
It is arguably harder to take over a package from GitHub or Codeberg.
You could also serve your PKGBUILD from a Gemini server (the Gemini small-web protocol, not the Google AI which is really easy to administer and secure), and sign it with a PGP key. That would be about as secure without depending on a huge US American company.
HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
31·2 days ago
Using Linux is not a dick measuring contest (and man I hate these threads asking “why is your distro the best?” - it feels like trolling and sowing division and grief to me. A bit like asking a mother “What is your favorite child?”.)
But apart from that, I think we can all agree that security of AUR packages is not good enough, and that this deficit is by design.
HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
41·2 days ago
Anyone can publish his PKGBUILD script on their Codeberg or GitHub page.
I didn’t know that before either. I always installed to /usr/local.
I do not understand the whole sentence, can you explain?
Some good advice on installing foreign packages to Debian, and how to keep it functional and secure. Much of it applies to other Linux distributions as well.
HaraldvonBlauzahn@feddit.org OP to Linux@programming.dev • GNU Guix transactional package manager and distribution — GNU Guix
4·2 days ago
Updated link to the Guix home page: https://guix.gnu.org/
HaraldvonBlauzahn@feddit.org OP to Linux@lemmy.world • GNU Guix transactional package manager and distribution — GNU Guix
3·2 days ago
Updated link to the Guix home page: https://guix.gnu.org/
HaraldvonBlauzahn@feddit.org OP to Linux@lemmy.ml • GNU Guix transactional package manager and distribution — GNU Guix
3·2 days ago
Updated link to the Guix home page: https://guix.gnu.org/
HaraldvonBlauzahn@feddit.org OP to Linux@lemmy.ml • GNU Guix transactional package manager and distribution — GNU Guix
3·2 days ago
Yeah, this lemmy webui seems to have a bug/race condition under Sailfish browser, leading to new posts being sent twice. I already removed the other post.
HaraldvonBlauzahn@feddit.org OP to Programming@programming.dev • DontBreakDebian - Debian Wiki
4·2 days ago
Some good advice on installing foreign packages to Debian, and how to keep it functional and secure. Much of it applies to other Linux distributions as well.
Good advice on installing foreign packages to Debian, and how to keep it functional and secure.
HaraldvonBlauzahn@feddit.org to Linux@lemmy.ml • The security situation with the Arch Linux AUR got a lot worse
1·2 days ago
Most of your suggestions are probably a good idea for the future, but they are not really a solution for a potentially infected system right now.
The only solution for an infected system is to re-install it from scratch, because the integrity of the system is broken. And without any AUR packages, because they can’t be secured in the current form.













So, Arch users do not depend on AUR? If so, that’s easy to fix. Just delete any mention of AUR from the Arch wiki.