The onus here is on Arch-based distros that decide this vast collection of build scripts equals a software repo, is a good “selling” point, and decide to integrate it into the distro or even the package management.
All that said, the AUR is not the only user repo that is plagued. These sort of malware attacks need to be addressed somehow.
Well damn, I wouldn’t have expected that average arch users needed to know how to assess pkgbuilds given how enthusiastically arch users have been trying to sell the distro to first time linux users and other newbies.
It is Archlinux’ mission statement that its average user knows how to do such things. The installation process is based on handling PKGBUILDS. AUR helpers are explicitely unsupported.
The onus here is on Arch-based distros that decide this vast collection of build scripts equals a software repo, is a good “selling” point, and decide to integrate it into the distro or even the package management.
All that said, the AUR is not the only user repo that is plagued. These sort of malware attacks need to be addressed somehow.
Well damn, I wouldn’t have expected that average arch users needed to know how to assess pkgbuilds given how enthusiastically arch users have been trying to sell the distro to first time linux users and other newbies.