paru (which I use almost exclusively for building AUR packages, except
my own and when things severely break) shows you the PKGBUILD and every
single file in the package repo, including with diffs if you are
updating the package. There is the --skipreview flag but it’s not the
default (and I only found out now that it exists when double-checking
the CLI).
All to say that paru, from a users perspective, is barely doing anything
more than
git clone https://aur.archlinux.org/<pkgname>.git
cd <pkgname>
git diff ..<origin commit or previous commit>
makepkg -i
meanwhile the output of all relevant commands is displayed as if you ran
them yourself. Anyone who wants to spend less time fiddling with AUR
packages would have written a shell script like that sooner or later.
In my opinion, paru is much better than packagekit, which was yeeted/is
in an unsupported state (at least for pacman) for the same Arch
philosophy reasons. I don’t personally agree with that change, but
since/if we agree that packagekit is bad, then I don’t think we can
agree that paru is equally bad, as it is explicitly upholding all
principles of using AUR packages: check everything in the package repo,
show all output of all commands to the user, allow them to cancel at any
time, etc. etc.
The main thing we lose is people not knowing how to operate makepkg,
whose primary CLI options can be learned in 5 minutes and are ultimately
very simple. People won’t learn PKGBUILDs faster or slower through
either method, as they both allow you to skip reviewing and
understanding them. At least paru puts the PKGBUILD prominently on your
screen, and you have to press two keys to continue. No such feature
exists in makepkg (or in pkgctl, FWIW).
All to say that these arguments are a bit hypocritical, since it’s
already so easy to build AUR packages in a careless manner. I would
argue that at least paru makes this harder (while still saving time). I
have never used yay so maybe the situation is worse there, I can’t speak
to that.
~ kleines Filmröllchen
