Just the case of the packages being removed only a few hours after been published just makes my point of “trusted users” reviewing and reporting then.
And is not only an archlinux/AUR problem, the same happens with python pip, npm, dockerhub, github…
With bigger popularity, bigger the target.
These days after the success of Steamdeck many users switched to Linux, and many of those started using arch or based distros like EndeavourOS because some one on reddit, YouTube or other said is the best for new hardware and you can find everything you need on AUR.
New users won’t review scripts or PKGBUILD, that’s gibberish, just search and install, and a few hours could be too late for some.
I don’t care if Linux loses or gains popularity, but if there’s no guard rails of some kind of control things could get worse, and even end AUR as it is now.
Having people control what’s published or not, probably not the best solution, but leaving it as a wild west also not
Just the case of the packages being removed only a few hours after been published just makes my point of “trusted users” reviewing and reporting then.
And is not only an archlinux/AUR problem, the same happens with python pip, npm, dockerhub, github… With bigger popularity, bigger the target.
These days after the success of Steamdeck many users switched to Linux, and many of those started using arch or based distros like EndeavourOS because some one on reddit, YouTube or other said is the best for new hardware and you can find everything you need on AUR.
New users won’t review scripts or PKGBUILD, that’s gibberish, just search and install, and a few hours could be too late for some.
I don’t care if Linux loses or gains popularity, but if there’s no guard rails of some kind of control things could get worse, and even end AUR as it is now.
Having people control what’s published or not, probably not the best solution, but leaving it as a wild west also not