[arch-projects] mBira project
Aaron Griffin
aaronmgriffin at gmail.com
Wed Jun 1 15:29:37 EDT 2005
On 6/1/05, Dusty Phillips <buchuki at gmail.com> wrote:
> Since AUR can contain unofficial PKGBUILDs, I question the utility of
> this? Why don't users with binary package dbs submit the packages to
> AUR instead.
>
> The answer, of course, will be "because they have to build the
> packages themselves". To this end, I think a script based on sourcepac
> that automatically downloads PKGBUILDs and builds them would be more
> useful.
This was discussed a while back - and the answer is the same old "security".
The AUR has no validation for PKGBUILDs... I could submit a PKGBUILD
that has an install file that runs "rm -rf /" and the AUR will handle
it just fine... an automated command to download a PKGBUILD from the
AUR, and makepkg it without any checking, I can wipe your harddrive
when you try to install madwifi from AUR
More information about the arch-projects
mailing list