Artix Linux Forum

Due to major issues occurring for users as a result of using some AUR helpers, it has been decided to remove Pamac and Octopi from our repositories. We know some users liked using these tools, but unfortunaly the havoc they keep creating outweighs their benefits.
artist

Looks like both octopi and pamac are available in pre-built binary form from the chaotic aur repo, which I've heard is a fairly reliable source of packages (although I haven't personally tried it nor do I use either of these package managers as a disclaimer to this statement)
https://aur.chaotic.cx/
So that could be a possible alternative for those affected by this, you'd need to enable that non-standard repo.

Warning: AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.

And even if they did, how is a noob - or even an experienced user - supposed to spot this malware anyway?

You link to github and there's malware hosted on there too, but you don't need to avoid the entire website.

Oh noes, imagine the negative reviews: "It's 2021 and Artix doesn't provide a GUI package manager... die die die!"

Beginning with next weeks builds, only the community editions will offer GUI package managers.

... We know some users liked using these tools, but unfortunaly the havoc they keep creating outweighs their benefits.
artist

The PKGBUILD inspection option is all very well, but can't a pamac user go to the aur website and look at the PKGBUILD and package source there? And even if they did, how is a noob - or even an experienced user - supposed to spot this malware anyway? Plus there is a case of what is a reasonable precaution, ie if malware appears in the AUR then someone is going to complain and take it down, but that is always going to take a time to happen - and you can equally be at risk from malware in all other kinds of situations. You link to github and there's malware hosted on there too, but you don't need to avoid the entire website.
 What I've been thinking for a while now, (but will probably spend a lot more time thinking about it) is using antivirus software to scan the PKGBUILD, source and finished build results, because expecting a human to do all that every time they update is a pretty pathetic security procedure in practice unless they are a cyborg or something.
pamac did break for a long while after the pacman update, because it's a Manjaro project and primarily maintained to keep pace with Manjaro versions, which are well behind Artix and Arch, so it's not always the most reliable option though, octopi was fixed faster.
So far as the decision to remove these from the Artix repos go, I totally respect whatever decision the maintainers make, I was merely suggesting a workaround, and I hope anyone who looked into that takes your points on board too.

I tend to agree with this and, while not wishing to water down the warnings given in other posts above, I feel as long as the user is armed with the necessary warnings, it is his or her ultimate decision to use or not use the AUR.

I have used it in the past and am fully aware of the risks, and certainly would not blame Artix if I broke my system!

Linux is all about freedom and choice.
So, why limit user?!

Everyone is, of course, free to install whatever one wishes, but they are then on their own; official support shouldn't be expected.

pamac will do things like replace Artix packages with Arch packages, remove packages you didn't tell it to, etc. When that happens, you are on your own, don't expect help.