![]() ![]() That also means you can check and make sure the sources are coming from the original author. This means a lot, it means you can vet the actual packaging yourself and make sure there's nothing hinky going on. ![]() The PKBUILD builder isn't actually packaging the software, *you* are when you run makepkg. You're conflating "more work" with what we'd traditionally express as a chain of trust. ![]() If you want the additional convenience but higher system usage, install a Flatpak. If you believe we are in a world where you can no longer trust anyone at all. Whereas AUR will likely share that same copy of some gtk module with other applications that might be using it. Multiple copies of the same library loaded in memory, etc. Hence the recommendation to /always/ double-check an AUR PKGBUILD before you install it.ĭepending on your setup the sandbox of a Flatpak could result in a more innefficient configuration. But ultimately who do you trust? An AUR PKGBUILD could very well point to malicious dependencies that get install system-wide. Which is tracked by pacman and easily uninstalled, maybe not as simple as a Flatpak. True AUR packages install software system-wide. AUR is packaged by USERS of Archlinux vs Flatpak packaged by developer or who knows, someone else(?)įlatpak is 'sandboxed' so dependencies are self-contained but access to your filesystem is still valid. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |