should post something eventually

  • 0 Posts
  • 5 Comments
Joined 2 years ago
Cake day: April 9th, 2024

  • the diff is noise in the potentially big update log. the point of doing it manually is forcing you to take your time and verify stuff one by one. also pkgbuild is just one place, seeing the hash changed means nothing if you don’t check what that archive contains, or seeing the install steps don’t change means very little when the installer invokes other scripts anyway

    i understand that you aren’t going to vet the source itself, but at that point you are exposing yourself to this kind of malware without mitigation. the aur is unsafe by design (fast way to publish a package without any involvement from anyone else) and should be avoided whenever possible. i’m not an arch hater, i too run arch



  • in theory? getting rid of paru and friends, manually reviewing the pkgbuild and the source of whatever it is installing

    realistically? nothing. the AUR is a glorified repository of build scripts anyone can upload. the script or the package itself can ship malware

    the AUR is mostly the same as downloading and running random exes on windows. you should avoid it, make it as manual as possible (forcing you to double check what’s happening) and be able to review the installer/package or trust someone who can vouch for its safety


  • for me it adds nothing (like most userdb fields as i don’t use them) but equally doesn’t remove or compromise anything, userdb is optional

    i’m absolutely not acting like it’s being added for no reason, did you read my reply? it’s being added (and i just wrote it) to maliciously comply with CA upcoming laws. you instead just acted like an optional field is the same as MS no-offline setup. “Windows would implement it in an identical way”. do you even use linux?

    you claim there’s plenty of evidence and this is not a slippery slope because the goal is deanonymization. this is not how you prove to not be in a logical fallacy. “legalize gay marriage and they’ll marry dogs”, “oh i have plenty of evidence queer folks are against nuclear family”. the second statement is true (per this queer folk) but it doesn’t make the first less of a slippery slope.

    Meta pushes for age verification? i believe that, not contested. systemd will violate privacy? this is the slippery slope. i know meta wants privacy violated. you’re claiming that having an optional field is a dead giveaway systemd wants to let meta do this.

    how? wouldn’t systemd rely on meta services, or third party stuff like persona, to id you if they really wanted to make sure who you are? i see no api calls, i see no system lockdown when not complying, i see no data being sent away.

    i see an optional field that nothing uses, that prevents nothing, that is strictly on your device.

    you say it’s “just” compliance, but how does it verify? if this is compliance with age verification, it sure lacks a lot of verification and seems to just be age. thus why this is malicious compliance: the bare minimum to be lawful and not compromise user privacy. seems desirable to me


  • not who you replied to but makes linux systems maliciously compliant so that you can still use them (say, in schools) without having your privacy violated.

    your slippery slope argument could apply to any field of userdb: real name will require an id, location will require geolocation!

    slippery slope is a logical fallacy, complain when systemd requires an id, not when it does the bare privacy-respecting minimum to comply with a silly law