• Maybe this is a good time to try and get the top 10% of the AUR into official repos or 3rd party repos

  • 13 days

    ok, time to completely stop using AUR.

    I’ll only manually git clone packages

    • Nah, just curl the install script from GitHub, pipe it to bash, and make sure to run it with sudo.

  • I’d love to know what’s going on with this. Arch has its haters but someone’s putting a lot of effort into this

    • It seems like some person with a bot just asked to maintain a bunch of orphaned packages, abusing the 2-week waiting period. Right?

      That's why they used npm; off-the-shelf, almost “standard practice” credential harvesting malware. Nothing too fancy.

  • People wanting to use an AUR helper, you’re better off using aurutils or aurto than yay or paru. Aurto, even with auto update, already removes packages when the maintainer changes, because aurto’s trust model was always to check the maintainer first and not the package itself.

    https://github.com/alexheretic/aurto

  • The article mentions the potential need for human review. I have no idea how that could be feasible for something as massive as the AUR. Maybe it could work like Nix, where every package goes through a PR/MR process, and then after it gets approved, the submitter is added to the list of contributors. It’s definitely not a perfect process, but it’s better than the zero-review process that the AUR has.

    • I’ve noticed some installers have at least a voting system (e.g. Octopi) which helps… slightly. At least in knowing what the right package name probably is. Crowd-sourced reviewing is probably the only option for such a vast and open system, even if it can be gamed sometimes.

      • 13 days

        imo, there should be automatic tags like “active”, “abandoned”, “maintainer changed recently”, “updated after hiatus” and a few more.

        The arch devs and community can decide on the time frames. It’s not going to be perfect, but it may help warn users of the changes and so they can do a double take.

        Anything other than the “active” ones should show what changed (paru already does this), and users should make a conscious choice to install it anyway (y/N) instead of going through the installation spamming the return key.

        • There’s a reason why we already called it orphaned. The flag already exists. The AUR helper that auto-updates stuff is the problem.

  • Just be aware that the AUR is not vetted. It’s like downloading random stuff off the internet and then installing said stuff. Always check your sources.