"Aaagh! There's malware in the AUR! Abandon ship!"

Me, an inveterate Arch user: *shrug* *sips tea*

You do understand that the AUR is not official and you never need to use it on Arch, right? My Arch install is happily AURless, and has been for years.

#linux #ArchLinux

@negativeprimes do you compile everything that's unavailable in official repos by hand? Just curious, it seems to be kinda cumbersome
@pfxel I also don't understand security-wise. I had to compile a driver for an RME sound card. Philippe Beakaert, a computing professor, wrote it. Sadly, he died 2 years ago, and others forked his project on GitHub to maintain it. Couldn't those people also put malware in the source code? Is source code safer because it would be more work to maintain just to inject malware? I am sure there has to be lots of malware on GitHub...
@pfxel I really know nothing and feel like an easy target. I guess malware that gets compiled by a C compiler is harder to write than a JavaScript thing.
@pfxel To compile a thing, I am executing a Makefile that is full of CLI commands, and it would be easy to drop a line there, no? My two cents are: people like me should never install anything that's not in the official repo. Or join this conversation publicly, I am embarrassing :)
@wespi haha, well, I'm not really qualified either, I'm definitely not a security guy. But I was talking more about maintenance - not using AUR means using Flatpak or just cloning and compiling every new version of each package individually. AUR helpers make this more convenient. But about your questions, I think that the language doesn't matter much these days - the bad actors will use some LLM for the coding part. But being open source means it's easier to catch - history and code are public
@pfxel Ok. I really am confused. I mostly git clone from a GitHub project, then I follow the build instructions... Easy target :(
Now, after some thinking, I know what I want to say publicly: the feeling of embarrassment is maybe going through the whole community. Arch got popular, and using it made me feel smarter than I am. The best we can do now is to donate.
@wespi using something doesn't require you to understand everything about it, so just cloning and building is okay. I use Arch as well and sometimes feel exactly the same as you. Doesn't necessarily mean it's true.