That is, you admit that most aur users delegate that function to other eyes instead of auditing the external code they are installing. A user repository outside of the official distribution repository is not a secure means of installing packages on the system, which may have root access to the system and the source code may change with each package update. Do you think that every time there is an update to a package that is not widely used, others will audit the source code for you? For that reason I stopped using Aur and by extension Arch, as their software catalog outside of aur is small.

Any major Linux distribution has a system for building packages, it’s not something special to Arch. In fact, Arch’s great advantage of the aur repository actually becomes a disadvantage by introducing instability and insecurity into your system when you add programs from that repository. It’s amazing that people criticize Windows security with .exe’s and then install packages from external repositories with the security of “trust in the repository”. How can you trust code with root access to the system just because it’s in the aur repository? That’s the main question I would ask Arch users.

Most of the time it is achieved with the phrase: “I use Arch, btw”. 😉

If you want full system control and a rolling distribution with a good security setup, stay with openSUSE Tumbleweed. Immutable distributions like SilverBlue, Aeon,…are not recommended for everyone, only for those who don’t want to administer their system and who have good hardware and a good internet connection.

deleted by creator