[arch-general] bitcoin-qt out-of-date
Diego Viola
diego.viola at gmail.com
Thu Sep 1 16:54:50 UTC 2016
On Thu, Sep 1, 2016 at 1:47 PM, Eli Schwartz via arch-general
<arch-general at archlinux.org> wrote:
> On 09/01/2016 12:41 PM, Diego Viola via arch-general wrote:
>> Sorry, I didn't meant to be rude or be offensive towards the AUR, the
>> AUR is great, but when using things like bitcoin, how can you be safe
>> that using bitcoin-qt from the AUR is fine?
>>
>> What Emily suggested, actually building it myself works fine, but is
>> there anything else I can do in order to verify my binaries if I'm
>> using someone else's build?
>
> This tells me that you do not actually know what the AUR is.
>
> The AUR is a collection of build scripts (in Arch Linux parlance, the
> "PKGBUILD"), which describes how to download and build a package. Yourself.
>
> :) :)
>
> You can trust an AUR package to the same extent you can trust your own
> eyeballs, which you use to read the PKGBUILD and confirm that it is
> doing the same thing the stable PKGBUILD in the ABS is doing.
>
> --
> Eli Schwartz
I actually know that, yes. My point is that there can be bad PKGBUILDs
out there that could fetch the bitcoin-qt binary from somewhere else,
which means I'll need to review the PKGBUILD beforehand or write my
own.
I admit to not use the AUR a lot (I stick mostly to packages from the
repos), but I understand how the AUR works.
Diego
More information about the arch-general
mailing list