This was discussed a while back - and the answer is the same old "security".
The AUR has no validation for PKGBUILDs... I could submit a PKGBUILD that has an install file that runs "rm -rf /" and the AUR will handle it just fine... an automated command to download a PKGBUILD from the AUR, and makepkg it without any checking, I can wipe your harddrive when you try to install madwifi from AUR
True that AUR doesn't verify PKGBUILDs, but at least I can look at the PKGBUILD online and decide on what it contains. A user repository sends binary packages; it could contain a package that rm -rf / in the post-install and I wouldn't even have had a chance to look before the damage was done! cactus: I didn't mean to attack personal repositories; in the case of you and phrakture, I've used both in the past and may continue to. But I don't trust anybody else to build a package properly, even if they don't mean to harm it. For me, I'd like to see all PKGBUILDs in AUR. Then I'd like to be able to view the PKGBUILD to verify the integrity (already easily done online), and then be able to run a simple program that will automatically install from AUR without me having to manually download the pkg and makepkg it... If the pkg is in somebody's repo, I have to edit pacman.conf, and personally, I like to keep that as simple as possible... I hate adding repositiories so I can download just one or two programs from them. But that might just be me. I'm remembering days when I had a loooooooooooong list of apt-get sources that took literally an hour to update on dialup... lovely thing about arch is I don't even remember the file that apt-get sources are stored in! :-) Anyway, I hijacked your topic here... I recall phrakture had a script to grab PKGBUILDs from AUR, so it shouldn't be hard for me to extend this to automatically build too. Dusty