Does Garuda Dragonized ship any AUR packages by default? What about the Gaming Edition?
I was checking out the software included in the Gaming Edition and most of it I can only find in the AUR, or does Garuda have its own repo for these things?
If AUR packages are included, can this be considered a potential security risk due to the nature of that repository?
No.
No.
Packages used in the official spins that are not included in the Arch repos are pulled from the Chaotic AUR, for which the repos are included in all Garuda spins by default.
3 Likes
Just want to add, yes, this is a security risk, the packages built from the AUR are not supervised actively. The Garuda repository has packages maintained and supervised by us. If you want to make sure, you should check these packages yourself, or you could start an initiative here to check packages with the community as a whole 
(I just want to note, chaotic-aur is not an optional repo in Garuda)
That's just how it is unfortunately. We don't have he manpower to manually check these AUR packages, but most of them are quite popular on their own and the likelyness of a malicious package proportionately lower, but not zero.
7 Likes
I see, thanks. I would check the packages myself, but unfortunately I'm a newb and don't know the first thing about doing this.
Read the PKGBUILDs. (Being a "newb' doesn't excuse you from doing your homework prior to asking.)
4 Likes
If organized correctly, that sounds like a sweet idea.
Would love doing that - checking some packages - but I'm not quite certain what depth of testing that would take and what precisely would have to be checked.
5 Likes
If enough people would volunteer for doing this, it could become an actual thing. Personally, I would love a "curated" section of Chaotic-AUR that has actively supervised package upgrades - as @TNE pointed out already we don't have the manpower to provide such a thing as of now. If someone is interested in doing such work: let us know! 
7 Likes
Welcome to the forum schnitzelfan22
This article looks like a good starting point, for us newbs. @schnitzelfan22 here is a tutorial on how to read PKGBUILDS, doesn't seem too too dificult.
5 Likes
What are the AUR packages included in the base version of KDE Dragonized?
I am assuming you mean the package list (considering what has already been answered in this thread). You can check the package lists in the Garuda downloads page. The current KDE Dragonized version (non-gaming) package list is available to look at here: https://iso.builds.garudalinux.org/iso/latest/garuda/dr460nized/latest.pkgs.txt
3 Likes
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
