So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR. Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.

For example, one of my friends wanted to download an audio tool called Reaper. On Windows this is just looking up the application and clicking on the .exe. It really depends on the dev if they include a .deb, sometimes you might need to download the .sh file or they may tell you to compile it yourself. Perhaps, you have to add a ppa. On Arch, all I have to do is Paru -S Reaper, if there are multiple Reapers I can look for that by typing Paru Reaper.

Now that Arch is so easy to install with the Archscript, and the software repo so vast and easy to use, is Debian really user friendly if you have to jump through several hoops to download programs?

Edit: yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.

  • yianiris
    link
    fedilink
    010 months ago

    2 Do you honestly think one can just make a fake account up, register, and publish an AUR pkg with rogue code that easy? There are checks for code whether it is safe or not, whether it is asking for right elevation, altering the filesystem’s rights, etc.
    You are making it sound like registering for X and publishing a tweet.

    3 The most dangerous software I see on AUR is browser bins by the BIG NAMES not the little script stuff.
    People are afraid of people instead of large corps
    @constantokra

    • @[email protected]
      link
      fedilink
      310 months ago

      I think people can hide lots of things in code, especially when people don’t generally look at it. And I know people don’t look at it when they talk about how convenient the aur is. It’s at best marginally more convenient than installing from source.

      I’m not at all suggesting that people should place more trust in large companies. I’m suggesting that packages in the aur with lots and lots of users should be trusted more, specifically because some of them will be checking out the pkgbuild, and the source, and presumably some of them would notice if the software did something it wasn’t supposed to do. Obviously the larger the software the harder that all is to check, and correspondingly you’d want to see many more users using it before you’d extend it any trust.

      My point being, i’ve not seen these discussions taking place. Maybe I’ve just missed them. But I feel like it’s appropriate to bring it up when I see people talking about just how.convenient the aur is. It’s really not that convenient if you’re using it in a way that i’d consider reasonable.