new | ask | show | jobs
VladVladikoff 5 hours ago  [ - ]

>You have to review the source of every PKGBUILD from the AUR you install, full stop

Believing that even a small fraction of users actually do this is deeply detached from reality.

darkwi11ow 4 hours ago  [ - ]

I use Arch on my dev qemu VM and actually review all changes all the time.

It is not that hard with small amount of pkgbuilds:

  find ~/.cache/yay -maxdepth 1 -type d
  /home/virt/.cache/yay
  /home/virt/.cache/yay/google-chrome
  /home/virt/.cache/yay/ngrok
  /home/virt/.cache/yay/rancher-k3d-bin
  /home/virt/.cache/yay/simplescreenrecorder
  /home/virt/.cache/yay/ttf-comfortaa
  /home/virt/.cache/yay/cursor-bin
  /home/virt/.cache/yay/yay
  /home/virt/.cache/yay/volta-bin
worble an hour ago  [ - ]

And most people don't ever check their car oil.

The point is that the onus is on you to do it, and if you don't then the consequences are yours to bear. Personal responsibility seems to be in short supply these days.