On Wed, Jun 01, 2005 at 08:20:57PM -0600, Dusty Phillips wrote:
A personal repo is usually run by a single person. It's fairly easy to say if you trust that one person's packages or not.
By using a personal repo, I'm implicitly trusting the maintainer of that repo. By using a automatic-package-installing AUR, I'm implicitly trusting anyone with enough brains to create an AUR account.
Yes, but using a semi-automatic package-installing AUR allows me to install from the PKGBUILD after I've reviewed it for saneness. The thing I don't like about binary repos is having to maintain them all in pacman.conf... when it gets down to one repo per package, that sucks.
Dusty
Right, but I wasn't talking to you... or about that. I was responding about the "security" answer... Jason -- If you understand, things are just as they are. If you do not understand, things are just as they are.