Most Operating Systems that are not outdated are as secure as your habits allow them to be. If you mostly use official packages, have strong passwords, and don't download random garbage you find on the internet, then you'll probably be fine.
The Arch User Repository basically operates on the idea that "You can review what's being installed, but it is entirely up to your technical competence to decide if this is what you want or not" Word will inevitably get out if some oddball package is doing something fishy, but if you're trying to do something really obscure it is worth taking a close look at it (this is not a thing most ordinary people have the training and experience to do though).
It can be kinda sketchy, but it has a better record than some other package distribution systems.
The AUR is definitely a bit of a security risk. The best is to not use it at all, but if you have to use the AUR, then either make sure that the package doesn't have malicious code inserted into it or only use popular AUR packages that likely had someone else vet them already.
deleted by creator
Most Operating Systems that are not outdated are as secure as your habits allow them to be. If you mostly use official packages, have strong passwords, and don't download random garbage you find on the internet, then you'll probably be fine.
deleted by creator
deleted by creator
Um, does the AUR count?
The Arch User Repository basically operates on the idea that "You can review what's being installed, but it is entirely up to your technical competence to decide if this is what you want or not" Word will inevitably get out if some oddball package is doing something fishy, but if you're trying to do something really obscure it is worth taking a close look at it (this is not a thing most ordinary people have the training and experience to do though).
It can be kinda sketchy, but it has a better record than some other package distribution systems.
The AUR is definitely a bit of a security risk. The best is to not use it at all, but if you have to use the AUR, then either make sure that the package doesn't have malicious code inserted into it or only use popular AUR packages that likely had someone else vet them already.