Arch Linux

8190 readers

35 users here now

The beloved lightweight distro

founded 5 years ago

MODERATORS

k_o_t@lemmy.ml

Safe to use a browser installed from AUR? (lemmy.sdf.org)

submitted 1 day ago by erici@lemmy.sdf.org to c/archlinux@lemmy.ml

10 comments fedilink hide all child comments

I'm thinking about switching to a Firefox fork as a web browser. Apart from Tor, they're all on AUR. I can't use Tor all the time.

Do you consider that a security risk that's worth worrying about? E.g. you could get a dodgy maintainer putting malware in it, as least theoretically.

you are viewing a single comment's thread
view the rest of the comments

[–] Dirk@lemmy.ml 5 points 1 day ago

could get a dodgy maintainer putting malware in it, as least theoretically.

Yes, that could be possible. But this has nothing to do with the type of application you want to get from the AUR.

It's actually quite easy, because none of the PKGBUILD files are actively checked before publishing them, neither are the programs that are built from them or the packages that you install.

PKGBUILD files are basically shellscripts. Authors can do whatever they want in that scripts. If they want to run rm -rf /*, no-one is stopping them.

This is why you always should read the whole script before running makepkg and examine the ./pkg directory's contents after you did and before installing the package.