So I know many people say one of the biggest advantage of arch or an arch based distro is that it has the access to the aur. And I read in arch wiki and in Discovery of Endeavouros, that we should try to avoid packages from the aur as they are submitted by the users and could break my system. So should I install flatpak and use flatpaks and if I don’t find any of my required packages in flatpak then use the AUR?
Hello, a package or software verolé does not make old bones on aur, moreover aur is very supervise. with difference of a package flatpak
Hello,
I used to ask the same thing, and the response I got is that AUR packages are mostly fine,
yes they are submited by users, but, most arch user are not pirates xD, still, you can check for the comments and bug reports in case is not mantained or something like that, it is mostly a matter of common sense.
I indeed use snappies and flatties, because they are sef-contained and get updated only when I tell them to. So Arch keeps rolling and they stay put.
The other thing to consider is building times, eg, you can build gimp from aur, but I rather go with the repo, if that is broken, then the flatpak, and so on.
I only use pakages from the aur that are built fast, like rclone-browser.
Hope this helps,
You can always ask if a particular package looks weird at any time, changes are someone is using it and can tell you if is too unstable.
Cheers
flatpaks are not safer than AUR packages as a general rule.
A flatpak is a framework and packaging format. Anyone can make a flatpak. flatpaks can have malicious code just like any other package. This is true of just about any packaging format you can think of.
You shouldn’t trust a packaging format. You should trust a packaging source/packager. In other words, Arch/EOS repo packages aren’t trustworthy because they use pacman’s package format. They are trustworthy because they are packaged by Arch TUs or the EndeavourOS team.
As this relates to flatpaks, you need to look at who is packaging them. Some flatpaks are officially packaged by the team/publisher of the software. Those should be considered pretty safe. However, many are not. Then it comes down to do you trust the packager.
The AUR has a huge advantage when it comes to trust. That is you don’t really need to trust anyone. AUR software isn’t packaged by a 3rd party. The packages are built on your machine. The AUR PKGBUILD files which are used as the “directions” to build the software are easy to view for yourself. Many AUR helpers even offer to display them to you as part of the update process.
Of course, whether you choose to prefer flatpaks over AUR packages is entirely a matter of personal preference. The great thing is that, here, you have the ability to choose for yourself.
Woah didn’t know about that advantage of aur. Now I see why people consider using packages from the aur. My confidence is installing and using packages from the aur has been increased.
Consider searching the forum, there have been about a dozen topics about this.
In my opinion, for what it’s worth, AUR is much more preferable than flatpak. And I’d rather not use a computer than use snaps.
Yeah, sorry done this mistake by not searching the forums properly. Next time I will try not to create a discussion without searching properly. Its just a newbie habit