I’m thinking about switching to a Firefox fork as a web browser. Apart from Tor, they’re all on AUR. I can’t use Tor all the time.

Do you consider that a security risk that’s worth worrying about? E.g. you could get a dodgy maintainer putting malware in it, at least theoretically.

  • Dirk@lemmy.ml · 5 upvotes · 2 days ago

    could get a dodgy maintainer putting malware in it, at least theoretically.

    Yes, that could be possible. But this has nothing to do with the type of application you want to get from the AUR.

    It’s actually quite easy, because none of the PKGBUILD files are actively checked before publishing them, nor are the programs that are built from them or the packages that you install.

    PKGBUILD files are basically shell scripts. Authors can do whatever they want in those scripts. If they want to run rm -rf /*, no-one is stopping them.

    This is why you should always read the whole script before running makepkg and examine the ./pkg directory’s contents after you did and before installing the package.