On 6/1/05, Dusty Phillips <buchuki@gmail.com> wrote:
Since AUR can contain unofficial PKGBUILDs, I question the utility of this? Why don't users with binary package dbs submit the packages to AUR instead.
The answer, of course, will be "because they have to build the packages themselves". To this end, I think a script based on sourcepac that automatically downloads PKGBUILDs and builds them would be more useful.
This was discussed a while back - and the answer is the same old "security". The AUR has no validation for PKGBUILDs... I could submit a PKGBUILD that has an install file that runs "rm -rf /" and the AUR will handle it just fine... an automated command to download a PKGBUILD from the AUR, and makepkg it without any checking, I can wipe your harddrive when you try to install madwifi from AUR