I was not aware of the policies followed in the community. For your information, the package is safe. Hosted by gitlab On Mon, Feb 24, 2025, 2:42 PM <notify@aur.archlinux.org> wrote:

a821 [1] filed a deletion request for package-installer-xe [2]:

This is the fourth time the same package has been uploaded with a different name.

The problem persist: this install an unknown binary in the system, even though it is supposed to be GPL (seemingly, a python program bundled with pyinstaller).

Also, the PKGBUILD sources another PKGBUILD inside the tarball, obviously insane.

See PRQ#69131 PRQ#69138 PRQ#70232

[1] https://aur.archlinux.org/account/a821/ [2] https://aur.archlinux.org/pkgbase/package-installer-xe/

Request #70248 has been Accepted by Antiz [1]: This PKGBUILD doesn't follow Arch Packaging standards: - Downloads a random archive containing a prebuilt binary from the GitLab repository raw sources, without any correlation with $pkgver whatsoever. - Installs said prebuilt binary silently on the system instead of building it from source. - Sources another PKGBUILD from the downloaded tarball (!). @almezali, In its current form, this package doesn't have its place in the AUR. You're expected to publish the source code on your GitLab repository and then build it from source via the AUR PKGBUILD (since you claim your program is licensed under a GPL). Uploading a prebuilt binary / package to your GitLab repo and downloading / installing that through the PKGBUILD (moreover, by sourcing yet another PKGBUILD from it) is not trustworthy at all and doesn't respect our packaging etiquette. I advise you to read the following Wiki article: - https://wiki.archlinux.org/title/PKGBUILD - https://wiki.archlinux.org/title/Arch_package_guidelines - https://wiki.archlinux.org/title/Python_package_guidelines (since your program seems to be written in python) Thanks in advance for your understanding. [1] https://aur.archlinux.org/account/Antiz/