I'm curious about the safety of using the Arch User Repository (AUR) in Arch Linux. Are there any specific concerns regarding security when downloading packages from AUR, especially since they are uploaded by users? What precautions should I take if I decide to use it?
4 Answers
Using the AUR is kinda like downloading stuff from random people online. If you’re not careful, it can be risky. The best practice is to really read through the PKGBUILD files and understand where the source files come from. If you can audit them properly, then it can be pretty safe! Just be diligent and cautious with what you install.
There are definitely some horror stories about malware found in the AUR, so it's not as safe as the official repos. You really should read the Arch Wiki before diving in. Just keep in mind that not everything in the AUR is verified, so tread carefully and check for reputable packages.
While using the AUR, you're taking a bit of a gamble. Just like any open-source project, the safety really depends on how many people are contributing and checking. If possible, it’s often safer to go with AppImages or Flatpaks instead, since they tend to have better security features.
Honestly, if you’re not experienced with building packages or unsure about what you’re doing, it’s best to avoid the AUR. There have been many reports of malicious packages. But if you really need something not found anywhere else, make sure it's a reputable package and do your homework first!
Exactly! Always look for user feedback and history of the package before diving in.
Totally agree. AUR can be useful, but it’s essential to double-check the install scripts and look for any red flags, especially since the Arch maintainers don't audit the packages.