this post was submitted on 12 Jun 2026
174 points (99.4% liked)
Linux
Not even. The PPAs are created and hosted by very specific maintainers with very specific packages. So you have someone to blame and a single software to clean up if things go wrong. And word spreads fast. Yes, there's a risk, but you can sort of judge how big of a risk it is.
Meanwhile with AUR, it's just a giant repo in which anybody can just dump whatever. The risks are huge. If I were on Arch, I wouldn't touch it for anything. I'd rather compile the source code myself for any software I need instead of getting it there.
I said nearly and you know exactly what I’m talking about. Either way you have to verify the source and that source is not from the official repos. That’s essentially the same issue using both methods.
Sure, common Debian PPAs might be Docker and NVIDIA because people actually might need recent software with recent features to make Debian usable for them, but I’ve been using Debian since around 2000 and for sure 3rd Party / unverified PPAs are used to circumvent the sometimes awesome but sometimes painfully old software in the official repos.
Both can be abused, both require care. Sure, it’s much easier for a careless user to get caught up in installing from the AUR because it’s so easy to do so, but your take is disingenuous and honestly naive.
Yes, exactly, that’s precisely what most are using it for. It’s a single file that usually either pulls down some binary somewhere or source from git and builds it. edit: AUR is not something a user can even tap into unless they really want to and add the ability to their Arch install.
I looked over your responses on this thread and I don’t have the energy to go any further with you. You got pissy over the response you got and it shows. You’re dealing with some folks on here that have been using UNIX, BSD and Linux for a very, very long time.
Ffgvvbbhb
I've been a Linux user for 26 years. I made distros for hardware manufacturers. I know very well the distinctions between the AUR and the regular Arch repos and the parallel with Debian's.
With Arch, the problem is that the AUR is available in the first place and is very easy to enable. People, especially new users, won't necessarily understand what they're getting into when enabling it and getting packages from there. A lot of the advice people get online suggests getting packages from AUR. So Arch users are bound to use it at some point.
And add to that the fact that the standard repo has bleeding-edge package versions with minimal testing, which means that vulnerabilities can also get introduced. And it's happened before. This affected Arch, OpenSUSE Tumbleweed, Fedora, but you know what distribution wasn't affected? Debian stable and Ubuntu LTS.
And on top of that, I'm not even going to mention how unstable it is and how even just making updates is risky on Arch. You have to be on your toes all the time and you can end up with a broken system at any time. For a main PC operating system, I find that absolutely unacceptable. At least Manjaro tried to improve on this.
Valve switching to Arch makes sense though. They moved to Arch because they wanted the most up-to-date software and drivers available with a faster release cycle. Then they control what versions they push to their devices. They keep a tight control over what gets updated by curating their own repositories. So it's not purely Arch either. It's Arch-based. You can expect software to be a little older on Steam OS.
In any case. For me, Debian is the solution. I'm looking for stability and security. It has a huge repo with practically every software under the sun. There's tons of documentation and support and a huge community. For me the distribution works OOTB without any hitch. I just know that I won't spend time troubleshooting something on my time off. I already do a lot of this during work.