Are -git repositories safe?

Hey Guys!

I needed to download “ffmpeg” for one of my programs and there were two types of this package:

  1. ffmpeg-full
  2. ffmpeg-full-git

I had trouble installing the first, so I chose the one with -git.

Is it safe to download/use these packages?

Hello,

There are two versions: 3.4.2 and 4.3.2 … did you try both? The git version is 4.4.

AUR packages are always the user's responsibility when installed, and their safety depends on the AUR packagers. There is never a guarantee for them, but there are also no real reasons to get into complete distrust. You could read more about it in the wiki:
https://wiki.manjaro.org/index.php/Arch_User_Repository

3 Likes

When I started the installation, there were 2 or more providers for some packages. Whenever I used packages without -git, there was an error at the end, after it asked me to import a PGP key. So I used the -git providers and it seems to be working!
The main thing is that I chose to install the package without -git (4.3.2-1 version), but then, when it asked me to choose a provider, I chose -git.

Okay, I got it, but what about packages provided by GitHub? What’s the difference between them and the ordinary packages?

Normally, GitHub does not provide packages; it is a repository for source code. Usually, if the repository maintainer/owner is aware of an Arch package, they’ll provide a link to the AUR, and/or give you configure-make-make install instructions.

If they do provide an actual package whatever-program-1.0.0-1-x86-64.pkg.tar.zst, then you have another set of issues to deal with - I’ll let you contemplate and work that out yourself. :slight_smile:

<sigh> - Seems like GPG is becoming the bane of your experience. :frowning:

3 Likes

ffmpeg is in the extra repo, no need to install anything from the AUR.

Which one?

Why can’t that be said in the first post?
