[Package Request] Terra Station

I would like official version of this software:

( https://station.terra.money/ )

There is AUR alternative, but for security reasons (because money and stuff is involved) would rather use official “Manjaro version”.

? read PKGBUILD binary comes from same github repo, without any change


Yes. It does. Now. Do you think I want to read through the PKGBUILD file every single time an update comes out? I have right now. I don’t want to.

Please read:

Even if the package was in our repos, it would still be identical to the AUR package.

1 Like

It doesn’t take long, just press e when prompted by the pamac CLI to view the build files.

In this type of situation, I have accepted the following choices, and so far it’s served me well. :slight_smile:

There’s three options, which depend on weighing your perceived risks versus benefits of convenience. I say “perceived” because there’s no objective risk associated with using a package from the AUR vs the official repositories, lacking any surrounding context and per-user setups. (It would serve new users to discover they can view the PKGBUILD(s) from the official repositories as well.) :sunglasses:

  1. Trust the package (i.e, PKGBUILD and updates) from the AUR, and trade off this trust for streamlined convenience.

  2. Download the PKGBUILD in a current trusted state (and source files if required), to then build, package, and install on your own system locally. Upon an update from the upstream project, you can then make small changes in the PKGBULD to update the software on your system manually. (Such small changes usually have to do with the software/package version, hash, and possibly the download URLs, etc.) ← This isn’t far-fetched for simple PKGBUILDs, and I’ve resorted to this before.

  3. Like option 2, you can do the same with the source files directly from upstream. There’s not as much benefit of this over option 2, since it doesn’t leverage the package management system.

1 Like