I've been wondering about the Arch User Repository (AUR) and its safety. Is it really safe to use, considering that it allows downloads from various users? What precautions should I take if I decide to use it?
5 Answers
I tend to avoid the AUR because I've heard horror stories about it. While some users swear by it, I'd recommend starting with the Arch Wiki. It's more secure than some shady download sites, but not as safe as the official repositories.
Using the AUR comes with some risks since you're downloading packages from random users on the internet. It's essential to only trust packages from reputable sources and always read the PKGBUILD files before installation. If you're cautious and do your research, it can be relatively safe.
Yes, there have been Malware incidents in the AUR before, so it's important to be careful. If you have alternatives like Flatpak or AppImage, you might want to stick with those instead for added security.
While some malware attempts in the AUR have been caught quickly, there are still risks involved. Always treat the AUR with caution—verify what you're installing and stay informed.
The AUR isn't audited by the Arch team, so there's always a risk of malicious packages. It's handy for fetching software not available in official repos, but make sure you check the install scripts and only use well-reviewed packages.
Related Questions
How To Get Your Domain Unblocked From Facebook
How To Find A String In a Directory of Files Using Linux