Yay is itself an unofficial piece of software with terrible security defaults such as not showing diffs by default. To install yay you go outside the official repositories, it is no more trustworthy than going to enthusiastsite.com and downloading some makewindowsawesome.exe
The AUR is still a better solution than everyone (mis)managing their own systems and never updating anything but it is not vetted, it’s in the bloody name what it is.
The rest is just social problems, if you’re not fit to audit code and have to rely on trusting maintainers why would you expect removing them would make it better. Look at windows for an indication of the ludicrous mess of out of date and vulnerable software or ransomeware etc that will happen.
Yay is itself an unofficial piece of software with terrible security defaults such as not showing diffs by default. To install yay you go outside the official repositories, it is no more trustworthy than going to enthusiastsite.com and downloading some makewindowsawesome.exe
The AUR is still a better solution than everyone (mis)managing their own systems and never updating anything but it is not vetted, it’s in the bloody name what it is.
The rest is just social problems, if you’re not fit to audit code and have to rely on trusting maintainers why would you expect removing them would make it better. Look at windows for an indication of the ludicrous mess of out of date and vulnerable software or ransomeware etc that will happen.