[arch-proaudio] New package for dexed with standalone JACK client
Ralf Mardorf
ralf.mardorf at alice-dsl.net
Sun Mar 25 21:12:41 UTC 2018
On Sun, 25 Mar 2018 13:53:59 -0700, Jimi Bove wrote:
>At least as far as I know (maybe yaourt's fixed this by now, too),
>running `yaourt -Si` on an AUR package results in the PKGBUILD being
>sourced, allowing malicious code to be executed if it's in there. And
>also as far as I know, that's the only flaw in yaourt, besides
>extremely minor ones like how it handles split packages and tmpfs, and
>ones that are just a feature it's missing that another AUR helper has.
Yes, I forgot about the split packages. An inexperienced user
unfortunately would build a split package two times instead of one time.
Not really an issue.
I guess a real issue when yaourt is used by an inexperienced user, is
the lexical order updated packages are build.
If package "a" depends on package "b", we need to build "b" before we
build "a", but yaourt would build "a" at first.
More information about the arch-proaudio
mailing list