Hello.
Pamac-aur-git maintainer here 
I know a good bunch of EndeavourOS users are using pamac-aur-git as their pacman GUI.
On january 6th - and until next update - code will be grabbed from development branch in order to grab pamac 9.3.0beta. Iâve been using it on my main computer for two days without any big issues. But YMMV 
So, if you want to stay on âstableâ code, please use pamac-aur instead.
il y a un bug ou il plante
I just updated before i saw this. We donât know when the next update comes?
Tu peux me décrire les conditions du plantage ?
When development code will be merged on main channel. Cantâ say. Sorry.
Et ?
Dâailleurs, je vais faire une nouvelle mise Ă jour pour un bug de sĂ©curitĂ©: https://gitlab.manjaro.org/applications/pamac/issues/719
Thank you for the heads up, @FredBezies! I might switch on my business laptop, but will continue with your release for the desktop.
Yeah they like to tinker with pamac too much. Somewhere along the line they screwed the pooch.
From their forum:
Security breach
Testing and Unstable branch - Pamac 9.3.0beta-1/9.3.0beta-2
Anyone can trick you into installing a package simply by offering it on their webpage pretending to be one thing but in reality it is malware and with this behavior of Pamac - hell is loose in your system.
Mime type
⯠cat /usr/share/mime/packages/x-alpm-package.xml
<?xml version="1.0"?>
<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'>
<mime-type type="application/x-alpm-package">
<generic-icon name="package-x-generic"/>
<comment>Alpm Package</comment>
<glob pattern="*.pkg.tar.xz"/>
<glob pattern="*.pkg.tar.gz"/>
<glob pattern="*.pkg.tar.zst"/>
<glob pattern="*.pkg.tar.bz2"/>
<glob pattern="*.pkg.tar.lrz"/>
<glob pattern="*.pkg.tar.lzo"/>
<glob pattern="*.pkg.tar.z"/>
<glob pattern="*.pkg.tar.lz4"/>
<glob pattern="*.pkg.tar.lz"/>
<glob pattern="*.pkg.tar"/>
</mime-type>
</mime-info>
Mime handler
⯠cat ~/.config/mimeapps.list| grep x-alpm-package
application/x-alpm-package=pamac-installer.desktop;
Pamac polkit policy
Pre-autorized to install
⯠cat /usr/share/polkit-1/actions/org.manjaro.pamac.policy
<policyconfig>
<vendor>Manjaro</vendor>
<vendor_url>http://manjaro.org/</vendor_url>
<icon_name>package-x-generic</icon_name>
<action id="org.manjaro.pamac.commit">
<description gettext-domain="pamac">Install, update, or remove packages</description>
>--- snip
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
</policyconfig>
Recommended action
Remove Pamac from your system until the implementation is reverted.
An updated version will be available on both testing and unstable channel. This version is not available for Mr and Mrs Everybody 
I think within a week, pamac-aur-git will be switched back to âmainâ channel.
Odd that Manjaro is uptight about pamac not asking for password, what about the KDE users who installed Discover in Manjaro ? I donât remember Discover asking for password in years. Where is their fear for that ?
The pamac is working fine for me.
Well, it works, thank you very much.
Yeah, I installed pamac yesterday⊠Rolled without any update notifier since install but pamac is just so handy.
Always installs via terminal but pamac is great as a combined search engine and notifier.
Just for the info: pamac 9.2.2.r18 = pamac 9.3.0rc
Switched back to master branch.
And the mandatory screenshot:
Closing thread now.