Official packages are already vetted so they don’t need user scoping. They could just enforce user scoping in the AUR and use the provides array for resolving conflicts. Its not a perfect solution but there’s no such thing as perfect security, just better security.
Also having an AUR helper that properly containerized the build step would be an even bigger improvement.
Official packages are already vetted so they don’t need user scoping. They could just enforce user scoping in the AUR and use the provides array for resolving conflicts. Its not a perfect solution but there’s no such thing as perfect security, just better security.
Also having an AUR helper that properly containerized the build step would be an even bigger improvement.