If people want to provide a package with certain modifications, just let users get it off your git repo and build it themselves with the proper instructions. It’s not that much safer, but just enough that it should prevent this kind of widespread problem.
A long time ago I chose openSuSE over arch because of (among other) me being concerned with the lax use of the AUR by the community.
One should just be somewhat mindful of what that thing is – it is pretty much the equivalent of clicking links on the web to download software for Windows.
I think it should be used for what it was supposed to be.
The AUR was created to organize and share new packages from the community and to help expedite popular packages’ inclusion into the extra repository.
Maybe arch should adopt something akin to open build service and openqa to more quickly grow the extra repository which then can be monitored better?
That’s already the recommended path.
A long time ago I chose openSuSE over arch because of (among other) me being concerned with the lax use of the AUR by the community. One should just be somewhat mindful of what that thing is – it is pretty much the equivalent of clicking links on the web to download software for Windows. I think it should be used for what it was supposed to be.
Maybe arch should adopt something akin to open build service and openqa to more quickly grow the extra repository which then can be monitored better?