this is a rather damning incitement against the AUR system
It’s not without good reason that Arch Linux never supported any AUR automation system beyond makepkg. You are supposed to take a good look at the PKGBUILD before you continue.
It’s mostly distros that integrated AUR into their package management that are gnashing their teeth now.
That said, the list of affected packages is mind-bogglingly long and I desperately want to know more about this. Can’t all be completely separate incidents.
Also… yeah, this is a rather damning incitement against the AUR system.
It’s always been “install at your own risk,” but it doesn’t feel like the trust model is sustainable anymore.
It’s not without good reason that Arch Linux never supported any AUR automation system beyond
makepkg. You are supposed to take a good look at the PKGBUILD before you continue.It’s mostly distros that integrated AUR into their package management that are gnashing their teeth now.
That said, the list of affected packages is mind-bogglingly long and I desperately want to know more about this. Can’t all be completely separate incidents.