I think I’d be satisfied with just not allowing people to take over orphaned packages. That seems like a glaring attack vector and closing it would not harm the AUR in any way.
And yea, arch (and its derivatives) probably should not ship with AUR helpers pre-installed.
arch doesn’t ship an aur helper pre installed. It’s the derivates leeching the arch aur infrastructure and preinstalling aur helpers suggesting it’s safe to use as is
The Arch Wiki describes the AUR in plain terms: it’s a user-submitted community repository of software, not warranted to be safe or even vetted by Arch maintainers, packaged to be friendly with pacman.
If you’re doing things the “Arch way” the differences between the AUR and officially supported packages should be obvious, and you should at the very least skim the PKGBUILD files to understand where things are coming from and how they work.
I think I’d be satisfied with just not allowing people to take over orphaned packages. That seems like a glaring attack vector and closing it would not harm the AUR in any way.
And yea, arch (and its derivatives) probably should not ship with AUR helpers pre-installed.
arch doesn’t ship an aur helper pre installed. It’s the derivates leeching the arch aur infrastructure and preinstalling aur helpers suggesting it’s safe to use as is
So, Arch users do not depend on AUR? If so, that’s easy to fix. Just delete any mention of AUR from the Arch wiki.
The Arch Wiki describes the AUR in plain terms: it’s a user-submitted community repository of software, not warranted to be safe or even vetted by Arch maintainers, packaged to be friendly with pacman.
If you’re doing things the “Arch way” the differences between the AUR and officially supported packages should be obvious, and you should at the very least skim the PKGBUILD files to understand where things are coming from and how they work.
Thanks for the clarification. I am relatively new to arch.