A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy credential-stealing malware and rootkit-style payloads on affected Linux systems.
I think the comment makes sense, if more packages were supported on the main Arch repos there would be less of a need to use the AUR or Flatpaks.
There are definitely some big gaps on the Arch repos (web browsers in particular) that I would like to see improved.
Yep an easy agree. Popular browsers like Zen, Helium and (god forbid) Brave should be directly in the official repos. So should be Jellyfin. It just makes sense given that debian repos have far more packages.
You’re right, but web browsers can be pretty brutal to build and they are for sure never going to add -bin versions.
I don’t understand this argument. Isn’t it better to build once and distribute binaries than to make everyone compile it themselves? The vast majority of AUR packages I use are -bin versions.
You don’t get to see the code that way, which is where bad actors thrive. Also it wasn’t compiled for exactly your system.