These are posts worth reading about it:
The Arch User Repository (AUR) is a collection of user-submitted package description files (PKGBUILD files). These description files can be used to create package archive files (.pkg.tar.zst files).
These PKGBUILD files can be used by an AUR helper (e.g. yay, aurman, Pamac) or manually built using makepkg. The resulting package archive file can then be installed in the normal way.
All content on the AUR is uploaded by ordinary users and very little checking of their content is done - it is…
The AUR is one of the safest ways to install software, just because it is so transparent. But it does not tolerate just looking up the package in Pamac and clicking on the Build button, or doing yay package_name blindly. It requires that the user knows what’s going on. That’s why I recommend trying to build at least one package manually, to understand what’s going on, before using an AUR helper like pamac or yay.
yay has a nice feature that allows you to inspect a PKGBUILD file before installin…
In my opinion, this is the most important part so if you only check one thing, this is a good start.
The next would be to make sure there are no invocations of su or sudo.
Another good thing to do is turn on the package diff menu in yay and have it show you the diffs when AUR packages are updated. This will show you what changed between one version and the next so instead of having to review the whole thing each time you can see just the changed lines which will usually only be the ve…
TL;DR: When installing software from the AUR, you should get into the habit of inspecting PKGBUILD files, and yay has this nice utility where, upon updates, it only shows you the differences in the PKGBUILD, so you can quickly see what changed.
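A small review helper for the two checks the quoted posts describe (scan a PKGBUILD for su/sudo invocations, and on an update look only at the changed lines), added here as an example; it is not code from the quoted posts or from yay, and the PKGBUILD it scans is a constructed sample.

```shell
# Added example (not from the quoted posts or from yay): flags non-comment
# lines that run su or sudo (a PKGBUILD never needs root: makepkg builds as a
# normal user and pacman asks for privileges separately) and, on an update,
# checks only the lines that changed, the view yay's diff menu gives you.

# Print "line:text" for each non-comment line of the given file (or stdin)
# where su or sudo appears in command position. Returns 1 on any hit.
flag_priv_escalation() {
    hits=$(grep -nE '(^|[[:space:];&|])(/[^[:space:]]*/)?(su|sudo)([[:space:]]|$)' "$@" \
           | grep -vE '^[0-9]+:[[:space:]]*#' || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Run the same check over only the lines added or changed in $2 versus $1.
review_update() {
    diff -u "$1" "$2" | sed -n '/^+++/d; s/^+//p' | flag_priv_escalation
}

# Write a clean sample PKGBUILD to $1 and a modified update of it to $2.
write_samples() {
    cat > "$1" <<'EOF'
# Maintainer: constructed sample, not a real AUR package
pkgname=hello-example
pkgver=1.0
build() {
    cd "$srcdir/hello-$pkgver"
    make
}
package() {
    cd "$srcdir/hello-$pkgver"
    make DESTDIR="$pkgdir" install
}
EOF
    # The update bumps the version and quietly swaps the install step.
    sed -e 's/^pkgver=1.0$/pkgver=1.1/' \
        -e 's/^    make DESTDIR=.*$/    sudo make install/' "$1" > "$2"
}

# Demo: the old file is clean; the update's changed lines are not.
dir=$(mktemp -d)
write_samples "$dir/PKGBUILD.old" "$dir/PKGBUILD.new"
flag_priv_escalation "$dir/PKGBUILD.old" && echo "old PKGBUILD: clean"
if review_update "$dir/PKGBUILD.old" "$dir/PKGBUILD.new"; then
    echo "update: clean"
else
    echo "update: review the lines above before building"
fi
rm -rf "$dir"
```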