And the AUR is not currently accepting registrations, so some degree of vetting is clearly happening in both cases. I don’t know how stringent for either.
This wasn’t supposed to be a perfect one to one comparison, just an interesting sidenote lol
I think they’re currently taking extra precautions, because of this event. I don’t think they were vetting users before. Regardless, it’s significantly less controlled than the Microsoft store. The equivalent of that is the official repository, not the user repository.
That’s like saying that github is equivalent to the Microsoft store. Sure, they provide the space for the repository. It’s controlled by users though, as the name implies. It isn’t the official repository, like the Microsoft store is the official “repository” for Windows.
Yeah, perfect analogy. No amount of external helper tools making installs from GitHub easier would change the security implications. (Cargo-binstall is an example of such a helper.)
The packages on the AUR are all user created. It’s not really comparable to the Microsoft Store.
Is the Microsoft Store not full of apps not created by Microsoft?
It’s apps approved by Microsoft. They only made a small fraction of them.
And the AUR is not currently accepting registrations, so some degree of vetting is clearly happening in both cases. I don’t know how stringent for either.
This wasn’t supposed to be a perfect one to one comparison, just an interesting sidenote lol
I think they’re currently taking extra precautions, because of this event. I don’t think they were vetting users before. Regardless, it’s significantly less controlled than the Microsoft store. The equivalent of that is the official repository, not the user repository.
AUR is not the official repository. Its more like downloading a virus from Mlcrosoft.com.
The AUR is hosted on https://aur.archlinux.org/.
Just like how Microsoft hosts the Microsoft Store.
That’s like saying that github is equivalent to the Microsoft store. Sure, they provide the space for the repository. It’s controlled by users though, as the name implies. It isn’t the official repository, like the Microsoft store is the official “repository” for Windows.
Yeah, perfect analogy. No amount of external helper tools making installs from GitHub easier would change the security implications. (Cargo-binstall is an example of such a helper.)