this post was submitted on 16 Jun 2026
180 points (98.9% liked)
Linux
14018 readers
399 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It's a USER repository, where you literally download install files from unverified strangers.
There's a reason all the AUR helpers prompt you to verify all the files before they will build or install anything.
It’s still hosted on archlinux.org.
However “YMMV” the scripts are intended to be, they can’t host throngs of malware on their domain.
…Well, I guess they could if they want to become the next npm, but it still seems like a legal liability.
I’m not saying it should be taken down, but the status quo is definitely no longer acceptable.
THANK YOU!
I wonder percentage of Arch users are actually capable of verifying that an AUR package is safe to install. I doubt that the number is very high, especially with the growing popularity of the distro
This! 👆
These days it's very small. Most people just wanna use Arch because it's cool.
While I do wholeheartedly think it's by far the best distro, I also frequently recommend Mint for newbies if they don't enjoy learning on their own.
In my case you can unironically blame Valve. I wanted an Arch-based distro to stay as close to SteamOS as possible but I have an nvidia GPU for the foreseeable future (unless I win the lottery or something).
Try CachyOS or just do like me and use their repo + kernel on Arch
Oh yeah that's what I'm using. Thanks though!