bitfucker

By installing another bootloader and make the UEFI entry for it. I don't use a bootloader at all tho and just straight up register the linux kernel using efibootmgr

Sure, your proposed solution is a good way to weed out the low hanging fruit. But I don't like that it may create friction for normal users. AUR was never meant to be a FOSS project on its own with a full time maintainer that maintains PKGBUILD and the infra.

Like I said before, it is more akin to an internet forum and pastebin more than a full fledged package repository. And to be fair, it isn't a package repo anyway. It's like a cmake / makefile sharing site. Building and packaging for arch is just that easy compared to say, debian.

If people want to use a repo, there is chaotic aur. Maybe that could be the way too. A dedicated community project to vet the AUR. Or the project maintainer itself could provide a pkgbuild directly on their repo.

Just don't ever blame the maintainer for providing a place to store something for free and open to anyone. Especially if it is your choice to get something from said place and be surprised that it is malware.

You said it yourself that it is a community repository. No difference between that and the internet forum. You are putting the burden of accountability on the maintainer that way. Which I would remind you, is unpaid unlike say, github and npm that HAS a financial means to do a lot of security implementation. Yet those platforms still fail to do it.

Also, humans ARE the first layer of defense. Because anything you do on your device (on linux anyway, and specifically arch) is YOUR decision. Antivirus and everything else should kick in when the human fails.

You are normalizing people downloading things off the unvetted internet like on windows. Linux has a vetted repo already. THOSE are what people should be using and I'm fine with if those are being blamed. Everything else is USER due diligence. That is why the existence of easily installing malware like limewire does not justify blaming the platform. Or do you also blame torrenting site when they are chock full of malware?

Or maybe don't use AUR blindly? You're doing the equivalent of `sudo curl

| bash`. Who knows what the script is doing. So only do it if you truly trust it. That's why we have warnings plastered all over. That's also why a warning label and sticker exists. And this is precisely the reason easy no user input AUR helpers are greatly discouraged

AUR is not Arch maintainer vetted repo tho. Even librewolf is not in the arch repo.

The closest equivalent of AUR is PPA/launchpad

That size is the issue I think

A well thought out software architecture is indeed worth a lot. So a group of engineers that are able to actually make accurate architecture and decisions from the get go would help a lot. But the problem is requirement changes. And that's the core issue.

For something relatively set in stone like a car control system for ICE timing and whatnot, the requirement will not change by the fact that it is tied to another design which must also have been fixed beforehand and cannot be changed easily mid way willy nilly like software.

The engineer designing the engine must do a lot of administrative tasks again to make sure they pass every regulation under the sun when a change is made. We, the software guy does not have the equivalent of those barrier when a service requirement change. At most it is something about data privacy and security but that's about it. Everything else is fair game

Lemmy sure loves swallowing my reply. To answer your question shortly is an offline first app where the user can add records and the relation during offline and then sync it later after connection is re-established.

Ohh, I would be glad. We would finally see how fragile the internet really is and hopefully it will spawn a better internet

Yeah, honestly we should have a way to instrument JS without actually making the JS runtime able to read the measurement data

I uhh, misread that as North Korea at first. I need to sleep