leaving security to the user by default is a recipe for disaster
@the-k the AUR exists on the premise that the user has the necessary technical acumen to mitigate the risks of installing user-submitted packages. People using AUR helpers (and "friendly" derivatives) to upgrade packages without review is the much larger risk here.
That said, my argument could also be applied as a reason for bumping the version and telling the user to just reconfigure DNS (the user is just as capable of maintaining their system config for the packages they have installed). Either way, you decide whether to pull the latest changes from AUR and build your package from that. You are always free to fork the package or start your own repo. You may disagree with the maintainer's decision here, but he still doesn't owe you anything.
Pinned Comments
alerque commented on 2021-11-27 03:11 (UTC)
@ant0n et all, lets keep the comments here about packaging issues, general Brave usage issues should go in another forum to not clutter up this comment space. I'm deleting comments that have no relation to packaging. Grey areas like crashes that could be blamed on Arch can stay until proven otherwise, but things like how to configure Brave to handle popups or site X or whatever just don't belong here. Thanks for understanding.