∧∧∧∧∧ ∧∧∧ ∧ ∧
∧ ∧ ∧ ∧ ∧ ∧∧∧ ∧
∧ ∧ ∧∧ ∧ ∧ ∧ ∧ ∧
∧ ∧∧ ∧ ∧∧ ∧∧∧ ∧∧
hidden arch rant
community
adsfjksadjgfhsjlksdfnkds,mvndsajkvndlkdsfdblkfds
i hate the arch community!! theyre all so pompous & stuck up in their ways & will complain endlessly about gnome and stuff
aur
- the aur is insecure on purpose. its "convenient" but has so many flaws with the system.
  - packages just arent reviewed. they could be reviewed.
  - nixpkgs uses github PRs and people actually look over your install script before they merge it
  - arch just lets you push whatever you want to the aur? how much effort would it be to get like, one maintainer to review an aur package before it gets pushed to main?
  - its not like having a review process really limits the amount of packages, see this repology chart which shows how nixpkgs has more packages than the AUR despite its processes.
- via the manjaro forums:
    On one hand you're "on your own", and AUR packages are not "officially supported". That one is easy to get, it just couldn't be another way.
    Yet the AUR is undeniably one of the main and fundamental attractions of Arch based distros, besides the ease of customized installs and the rolling thing.
of course, this is an issue everywhere. like downloading an exe for windows, or a deb/ppa you found online, packaging is inherently insecure unless its vetted by trusted people. security is a spectrum really, maybe. im not a securitist, but i am going to impose my views upon you anyway:
going on
github and     appimage      flathub  trusted       you browse
searching      aur                    distro repos  the internet
"virus" ←------------------+-----------------→ via email
          random debs/rpms        nixpkgs
downloading random
exe's, but you run
them through wine
                           ↑
  personally, my "line" is | here roughly
i dont really have the full picture here of how secure these distribution methods are but this is how i feel on it i guess
the arch repos
clearly not thought out properly
also update gnome quicker!!