Except it automates the steps you’d have to take to inspect and edit the script, if needed. Also, PKGBUILDs are much nicer to read than just plain install scripts. And, of course, it actually builds a package, which is then installed, so it’s not only tracked but can be updated like the rest of the system.
I’d say that yay encourages checking the PKGBUILD or its diff more than the average “curl xy | sudo sh” instruction, but considering most people see yay just as yet another package manager, instead of an AUR helper, that’s probably true for most people
That’s probably the “just one step above” part. You do have the option to inspect the script you’re executing before you do so with curl | sh too, if you know what you’re doing. If you don’t, then you’d be pretty likely to just skip the prompt from yay as well. (Automatic diffs are nice tho.) Note: I use paru instead so I don’t know what yay does.
Yay?
yay, a utility to access the AUR, where users share build scripts instead of binaries. It’s just one step abovecurl | sudo shin terms of security.Except it automates the steps you’d have to take to inspect and edit the script, if needed. Also, PKGBUILDs are much nicer to read than just plain install scripts. And, of course, it actually builds a package, which is then installed, so it’s not only tracked but can be updated like the rest of the system.
To be fair, that’s why they said
I’d say that yay encourages checking the PKGBUILD or its diff more than the average “curl xy | sudo sh” instruction, but considering most people see yay just as yet another package manager, instead of an AUR helper, that’s probably true for most people
That’s probably the “just one step above” part. You do have the option to inspect the script you’re executing before you do so with
curl | shtoo, if you know what you’re doing. If you don’t, then you’d be pretty likely to just skip the prompt fromyayas well. (Automatic diffs are nice tho.) Note: I useparuinstead so I don’t know whatyaydoes.I don’t think the aur can switch the delivered script whether you are piping it into sh or not.