this post was submitted on 29 Feb 2024
191 points (98.0% liked)

Open Source

31367 readers
63 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] okamiueru@lemmy.world 2 points 8 months ago (1 children)

If you're actually vetting PKGBUILD, I don't think there is a single one I've installed that doesn't download some blob. There is no way of knowing if it's OK, unless you also sift through that. I don't think anyone does. I certainly don't.

[โ€“] Deckweiss@lemmy.world 1 points 8 months ago* (last edited 8 months ago)

Most of mine download source and compile it or plain scripts like python/bash and move them some place.

If it is a -bin, I check the url and checksum to be sure that it comes from the official source and obviously I do not install software from companies that I do not trust. (and yes, every update. I have a dedicated timeslot in my calendar for that)

I don't know what type of blob you mean which would require any additional treatment like.