On Fri, Apr 24, 2026 at 09:15:31PM +1000, SK wrote: > On Fri, Apr 24, 2026 at 06:54:01PM +0900, [email protected] wrote: > > Imagine if there were a "very-helpful" AUR helper that promises auto > > update, zero user > > interaction, completely shielding users from the build process. > > > > Vetting known-good helpers would prevent those helpers from getting main > > stream, while funneling users to understand the build system. > > This is not possible. Shielding the user from the build process is > exactly what we do not want to do, and what a good helper (like yay) > does. There is nothing lacking in the current helpers, functionality > wise, but its goals contradict with the Arch developers' pedagogical > goals. >
Sorry, there's a misunderstanding here so let me rephrase. New users must understand that AUR is community-maintained, they are not maintained by Arch Linux team. Using AUR helpers might make these processes easy, and (depending on the helper) people may not see the PKGBUILD, or even made aware what they are, how harmful they could be. Imagine there's this hypothetical "very-helpful" AUR helper that shields users from build process. This is exactly what we DO NOT want to do. 100% agree with this. What I am saying is that this AUR helper _could_ exist. Now let's consider the user journey. Someone who doesn't know much about these nuance hearing from someone that they can get rich quickly by installing "evil-package". The package is present on AUR, and the user also heard that they should use AUR helpers to make their lives easier. The option is either using something like "yay" which is hard to use, lives on the CLI... or they could use "very-helpful" AUR helper that even has GUI, click to install, auto updating, even AI integration!. The user then click on "evil-package" and loses bitcoin. Very sad. What I am saying is, From a user perspective, there's not much incentive of using our trusted AUR helper, vs using some shoddy automated "very-helpful" AUR helper. These users barely know `pacman`, otherwise they won't be needing archinstall script. So my argument on having trusted AUR helpers on official repo is that there will be incentive of keeping people away from these "very-helpful" AUR helpers that bring more harm than good. There can be policies such as the amount of warnings for first-time users on interacting with AUR packages. So my stance here is: Yes, people should read PKGBUILD. Because of that, let's make sure they use AUR helpers that make it obvious to read the PKGBUILDs. ... I bet majority of the newcomers only use `makepkg` once to install AUR helpers
