On Thu, Sep 1, 2016 at 1:47 PM, Eli Schwartz via arch-general <arch-general@xxxxxxxxxxxxx> wrote: > On 09/01/2016 12:41 PM, Diego Viola via arch-general wrote: >> Sorry, I didn't meant to be rude or be offensive towards the AUR, the >> AUR is great, but when using things like bitcoin, how can you be safe >> that using bitcoin-qt from the AUR is fine? >> >> What Emily suggested, actually building it myself works fine, but is >> there anything else I can do in order to verify my binaries if I'm >> using someone else's build? > > This tells me that you do not actually know what the AUR is. > > The AUR is a collection of build scripts (in Arch Linux parlance, the > "PKGBUILD"), which describes how to download and build a package. Yourself. > > :) :) > > You can trust an AUR package to the same extent you can trust your own > eyeballs, which you use to read the PKGBUILD and confirm that it is > doing the same thing the stable PKGBUILD in the ABS is doing. > > -- > Eli Schwartz I actually know that, yes. My point is that there can be bad PKGBUILDs out there that could fetch the bitcoin-qt binary from somewhere else, which means I'll need to review the PKGBUILD beforehand or write my own. I admit to not use the AUR a lot (I stick mostly to packages from the repos), but I understand how the AUR works. Diego