How about not blaming anyone and assuming everyone is doing as best as they can and there will always be problems and that we need to work together to fix them? As you pointed out: it’s Open Source. Isn’t that what it’s about?
I don’t think anyone is not saying the AUR needs to be tightened up, but at the end of the day, your machine, your responsibility. There’s nothing stopping you from installing from the AUR without doing your homework, but you can’t really complain when you get hit by malware.
The first thing that should be done is to stop auto-approving adoption requests. The second thing is some sort of malware scanning like the Chaotic-AUR.
I can’t say everything in one paragraph and I can’t possibly think about every single use case and include there, so I guess I also have this skill issue.
Sigh. I really need to go to therapy man to help me with the feelings I have at moments like this…
Well, if you can succinctly summarize your thoughts, people are more liable to read and comprehend them than if you write three pages and get ignored ;0
Bearing in mind, we’re all opinionated and that’s my opinion.
Off topic:
Amazing. Is there even a Wiki or such about it somewhere?
A short research on the topic left me with mixed impressions. Therefore I ask although that might be only when there is really nothing in Arch or a good AUR-Package.
I’m not blaming anyone and if you feel like I was blaming you I apologize. However I stand by what I said. I mean if you work on the brakes of your car and screw something up you can’t sue the Manufacturer. The AUR is not OFFICIALLY SUPPORTED so in this case it is very much a USER BEWARE situation.

Well, you’ve got something to keep you busy this afternoon-evening — don’t make any plans
100% true. And IMHO, @thefrog, you have no need to apologize to anyone. With so many Arch-based distros available, complacency was bound to happen. Virtually ALL Arch-based distros have yay and/or paru installed and ready to use. And these distros tout the greatness of the AUR by saying how many more apps are available rather than using the official Arch repos alone.
A seasoned vanilla Arch user, or even a newer user of vanilla Arch who installed Arch the “Arch way”, would probably be much more vigilant because they are more than likely reading the manual, wiki, Arch News, and finding info on the AUR.
Having said all that, I thoroughly endorse and stand by this meme I made and posted in the Linux meme topic…
I’m fine. No worries.
Yeah, it’s “my machine, my responsibility”. AND it’s “my service, my responsibility”. Not either one, but both. I feel “OMG, ARCH IS UNSAFE NOW!!!” is bullshit. But neither am I any fan of “DUH, IT’S YOUR OWN FAULT, DUMB USER”.
Not saying you said any of that and of course I am (somewhat) exaggerating. Just trying to make my point clear.
Well, the guy who spams this message is a dumbass; I hope you read this, you halfwit.
He calls Arch a shitty distro and recommends not to use AUR.
The problem is, literally everything depends on 3rd party unsafe sources like AUR. Many flatpak packages, snaps, appimages, different distros, FreeBSD, even Windows and MacOS.
And what’s worse — programming languages package managing systems are as bad — pip, cargo, npm, etc. are monthly if not weekly or daily under such attacks.
I was saying something like that (here or elsewhere, I don’t remember). The actual malware was an npm package. That could attack just about every kind of system.
I buy a gun from a gun store. The seller tells me that every time I pick it up, I should make sure the safety is on before pointing it at anyone — including myself. I leave the store without even learning where the safety is.
I get home, load the gun, point it at my face while searching for the safety, and end up shooting myself.
According to some people, the seller and the manufacturer are to blame.
This is Arch Linux, not Linux Mint or Ubuntu. New users should know that from the start. If they choose Arch Linux, they should accept both the advantages and the responsibilities that come with it. EndeavourOS, Garuda, and CachyOS make some things easier, but at the end of the day, it’s still Arch Linux underneath.
I’m not being elitist. I’m simply saying that Arch Linux has a learning curve, and users need to be willing to learn and understand how things work.
Flatpaks have security concerns. Snaps have security concerns. Cloning a random repository and compiling software without knowing how to verify the source is also a security risk. And there are many other attack vectors that most Linux users never even think about.
The idea that Linux is foolproof is just a myth. One reason Linux avoided many major security problems over the years is that its user base generally had enough knowledge to avoid common mistakes. Another reason is that Linux was never truly mainstream, making it a less attractive target than other operating systems.
Linux is becoming mainstream, new users are flooding in! Linux will never be the same again, period!
I think this conversation has gone as far as it can.
