I went to their
GitHub but didn't really understand what I was reading. Is this a new package distribution source? What is the difference between it and the Community driven AUR?
I read the
About section on their GitHub but couldn't make sense from it other than they host packages.
Most packages available in this repo are automatically built from their respective AUR source package. However there are a few exceptions, check out the
packages repo to find out which ones. The primary building cluster is a node in UFSCars datacenter which is hosted in São Carlos, São Paulo, Brazil.
Packages do not have to build yourself.
You save electricity power and time.
Thank you for your time, I was over thinking what it was.
I was reading a post on Reddit from a Dev Maintainer from Chaotic-AUR who said that technically Chaotic-AUR is not safe, and that everyone should be cross referencing the packages on the AUR page before they install them.
I believe that is technically accurate. This came up in another thread recently, see TNE's response here:
Just want to add, yes, this is a security risk, the packages built from the AUR are not supervised actively. The Garuda repository has packages maintained and supervised by us. If you want to make sure, you should check these packages yourself, or you could start an initiative here to check packages with the community as a whole
(I just want to note, chaotic-aur is not an optional repo in Garuda)
That's just how it is unfortunately. We don't have he manpower to manually check the…
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.