AFAIK I can
- install Slackware-15.0 by the official ISO here "https://mirrors.slackware.com/slackware/slackware-iso/slackware64-15.0-iso/" and then update to Slackware-current by slackpkg, or
- install Slackware-current by the unofficial AlienBOB's ISO here "https://slackware.uk/people/alien-current-iso/slackware64-current-iso/"

So far am I right?

I have been using Slackware for years but the more I learn the more I am concerned about security.
My concern is whether 3rd party software can be really trusted or not.
I would need 3rd packages too (libreoffice, nvidia, keepassxc, etc...), do you use Ponce repository and sbopkg or install packages from official websites?

Either method should work, although I've never tried that "unofficial current install dvd" that you linked. Another option is to use the Slackware-Live current iso that AlienBOB creates (its automatically created for each update in current, IIRC). That would be here: https://slackware.nl/slackware-live/...-current-live/

Note that on slackware-live there is the "setup2hd.sh" script that performs similarly as the installer, but is designed to install the live version to disk. Afterwards you effectively have slackware current installed and can continue to maintain it from a current mirror.

The "ponce repo and sbopkg" works by downloading the latest source code directly from the official sources, and builds it on your system. You can look over the slackbuild and source download location in the .info file if you'd like, but you would essentially be taking the same steps if you went to the source site, downloaded it yourself, and built it manually. The slackbuild just helps to perform those steps automatically and format the package.

Also, the slackbuilds have md5sums of the source in the .info file, so you can verify that you are working with the same source tarball as the original script writer.

The concern around "3rd party packages" is generally when you install a pre-compiled package from an untrusted 3rd party source. "pkgs.org" comes to mind in that case: I have no idea who builds those packages, or what they might slip into the package. I wouldn't blindly trust those and install those packages, but then some people do.

Personally I trust the packages that AlienBOB compiles and makes available on his repos. You could get libreoffice from his repo but that would be your call to decide whether to trust the repo. I've been using his packages for years so I trust his reputation (though I don't expect you to trust me either). If you want you can also take Alien's slackbuild and build libreoffice directly from source, or, get the slackbuilds/ponce version and build from those slackbuilds.

HTH.

1 members found this post helpful.

Just took a better look, so sbopkg (configured to use ponce repo) just use ponce's slackbuild to make the tgz installable package from the official one and then install it, so i can check it.
AlienBOB builds his own packages but I see he is very known and trustworthy. Building from source would require much time.
Need the alien packages to be installed one by one by "installpkg" command?
I think I'll keep using ponce packages.

edit: actually ponce most of the times builds the tgz package from the official source code at others just make the tgz from the official binary package.
AlienBob additionally always offers his own built packages. I'll definitely try alien's packages.

That would be one method of installing his pre-built packages.

If you use the 'slackpkgplus' plugin to slackpkg you can also configure it to use alien's repos and install packages with slackpkg. E.g. after setting up an alienbob repo, you could use 'slackpkg install libreoffice'. The upside with that method is that 'slackpkg upgrade-all' will also keep slackpkgplus repo packages updated too.

2 members found this post helpful.