I was a little skeptical about the no AUR, but I mean it was just a mistake, and honestly Wayland and X may as well be the same safety level. But regardless of it being the solution, I am just going to take like 2 points out of the answer, which is Flatpaks and virtual machining.
With the AUR you just have to be careful and understand how the package is built. But thanks to its transparency, you can know exactly what goes into it, and how safe it is. What you should definitely not do is type yay package_name and blindly install random stuff.
Yes, I always check the GitHub of the project and only then install it (I also check the dependencies).
Not enough. Check the PKGBUILD.
I know the PKGBUILD. I'll try checking it more.
Installing packages from the AUR requires sudo and a) the user asked for non sudo package managers, and b) if a problem with a package or application occurs, at least it does not have sudo rights using Flatpak. And Flatpak apps have a permission system, which is more secure and private than not having it. Wayland is also more secure than X as explained already. What evidence do you ask here? The evidence is the concept of it. That is more secure and private than X11.
A malicious application in the AUR is way worse than a malicious application installed without root and with at least some permission rights on Flatpak. Like with the XZ application, you would update your Flatpak app just like you would update the package with your package manager.
I use the AUR myself too, but one has to know and understand what is happening and look beyond the install script if one is suspicious. The PKGBUILD script is rarely the issue itself, just like the installer with Flatpak itself is.
It's just parroted words written without any evidence. In what practical way does Wayland offer more security to you than Xorg? What security issue did you encounter on Xorg personally that Wayland solved for you?
Except the issue of getting the approval of idiots on Reddit, that is…
Wrong.
A malicious package in the AUR is not somehow worse than one in the Flatpak repository; it's pretty much the same: if it wants to, and you're foolish enough to let it, it will get complete control over your system. The significant difference is that it's easy to discover malicious stuff in the AUR due to its transparent nature, but very difficult to discover it in Flatpak. Updating the Flatpak depends on the Flatpak maintainer actually pushing an update. They are often very negligent in that regard. So no, you can't just "update it" if the update is not available. There is plenty of ancient stuff in Flatpak, some critical vulnerabilities that are years old.
The user is wrong in thinking that sudo is a security issue, instead of a security benefit.
@thingsiplay getting humbled
A perfectly soundly written PKGBUILD from the AUR can also package and install perfectly unsoundly written code from the source. So if one wants to be absolutely certain that nothing unsound is installed on their system, look into the source.
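The "check the PKGBUILD, not just the GitHub page" advice above can be turned into a repeatable pre-install review. The following script is an added example, not code posted by anyone in this thread and not an Arch or AUR tool: it parses the simple `name=value` and `array=(...)` syntax of a PKGBUILD and flags the things a reviewer looks for first, namely sources whose checksum is `SKIP`, VCS sources with no `#commit=`/`#tag=` pin, sources fetched from a host other than the package's upstream `url`, names that look like prebuilt binaries, remote scripts piped into a shell, and any use of `sudo` (makepkg must never need root). The embedded PKGBUILD is constructed for the demonstration; `example-tool`, `cdn.example.net` and the checksum are not a real package.

```python
import re
import shlex
from urllib.parse import urlparse

# Constructed sample PKGBUILD (not a real AUR package) that exhibits several review smells.
SAMPLE_PKGBUILD = r"""
pkgname=example-tool
pkgver=1.2.3
pkgrel=1
pkgdesc="Constructed example, not a real package"
url="https://github.com/example/example-tool"
source=("$pkgname-$pkgver.tar.gz::https://github.com/example/example-tool/archive/v$pkgver.tar.gz"
        "helper-linux-x86_64::https://cdn.example.net/helper-linux-x86_64"
        "git+https://github.com/example/extra.git")
sha256sums=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
            'SKIP'
            'SKIP')

build() {
  cd "$pkgname-$pkgver"
  curl -fsSL https://cdn.example.net/setup.sh | sh
  make
}
"""

# Simple scalar assignments (pkgname=..., url="...") and bash arrays (source=(...), sha256sums=(...)).
ASSIGN_RE = re.compile(r'^(\w+)=(["\']?)([^"\'\n()]*)\2\s*$', re.MULTILINE)
ARRAY_RE = re.compile(r'^(\w+)=\((.*?)\)', re.MULTILINE | re.DOTALL)
# "curl ... | sh", "wget ... | sudo bash" and similar: code you never get to read before it runs.
PIPE_TO_SHELL_RE = re.compile(r'\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba)?sh\b')
# File names that suggest a prebuilt binary is being installed instead of built from source.
BINARY_HINT_RE = re.compile(r'(\.bin|\.AppImage|\.deb|\.rpm|linux-(x86_64|amd64|aarch64))$', re.I)
CHECKSUM_ARRAYS = ("sha256sums", "b2sums", "sha512sums", "md5sums")


def expand(value, variables):
    """Substitute $var / ${var} using the scalar assignments found in the PKGBUILD."""
    return re.sub(r'\$\{?(\w+)\}?', lambda m: variables.get(m.group(1), m.group(0)), value)


def parse_pkgbuild(text):
    """Return (scalar variables, arrays) using plain regex parsing; enough for the common layout."""
    variables = {m.group(1): m.group(3) for m in ASSIGN_RE.finditer(text)}
    arrays = {m.group(1): shlex.split(m.group(2)) for m in ARRAY_RE.finditer(text)}
    return variables, arrays


def review_pkgbuild(text):
    """Return a list of (severity, message) findings for one PKGBUILD."""
    variables, arrays = parse_pkgbuild(text)
    findings = []
    upstream_host = urlparse(variables.get("url", "")).hostname
    sources = [expand(s, variables) for s in arrays.get("source", [])]
    sums = next((arrays[k] for k in CHECKSUM_ARRAYS if k in arrays), [])

    for i, src in enumerate(sources):
        name, _, location = src.rpartition("::")  # "localname::url" form; name is '' when absent
        is_vcs = re.match(r'^(git|hg|svn|bzr)\+', location) is not None
        checksum = sums[i] if i < len(sums) else "MISSING"
        if is_vcs:
            # VCS sources are legitimately SKIP, so the pin is what guarantees reproducibility.
            if not re.search(r'#(commit|tag)=', location):
                findings.append(("high", f"source {i}: VCS source without #commit=/#tag= pin: {location}"))
        elif checksum in ("SKIP", "MISSING"):
            findings.append(("high", f"source {i}: checksum is {checksum}, contents are unverified: {location}"))
        host = urlparse(location.split("+", 1)[-1] if is_vcs else location).hostname
        if host and upstream_host and host != upstream_host:
            findings.append(("medium", f"source {i}: fetched from {host}, not upstream {upstream_host}"))
        if BINARY_HINT_RE.search(name or location):
            findings.append(("medium", f"source {i}: looks like a prebuilt binary rather than source: {name or location}"))

    for m in PIPE_TO_SHELL_RE.finditer(text):
        findings.append(("high", f"remote script piped into a shell: {m.group(0).strip()}"))
    if re.search(r'\bsudo\b', text):
        findings.append(("high", "PKGBUILD invokes sudo; makepkg must never need root"))
    return findings


if __name__ == "__main__":
    for severity, message in review_pkgbuild(SAMPLE_PKGBUILD):
        print(f"[{severity}] {message}")
```

Point `review_pkgbuild` at the text of a downloaded PKGBUILD before running makepkg; an empty list is not a clean bill of health (the script does not read `prepare()`/`package()` semantics or the upstream source, which is the separate step the comment above asks for), but any finding is a reason to stop and read the file properly.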
Yeah, that's why I look at the GitHub and I'ma start looking at the PKGBUILD too.
This is not to get approval of idiots on Reddit, just because you disagree. I recommend reading what Wayland actually is and why it is more secure. Just like Wayland, Flatpak is not perfect but has controls and APIs in place to control specific parts and allow applications to do narrow things. Just because a program can have vulnerabilities does not negate the positive effects of control.
You don't provide evidence that X11 is not less secure than Wayland either. Asking people what security issues they encountered personally, and then telling them to use something insecure because they did not encounter one personally?
This argument is a null argument, because updating the AUR package depends on the AUR maintainer actually pushing an update as well. The AUR has outdated packages as well, and not all are maintained by trustworthy members. Just like with any package manager, you should only install applications from trusted sources (like the original maintainer of the Flatpak package).
@IDKnix What do you mean by "getting humbled"?

Wrong again.
The advantage of dynamically linking libraries is that you don't have to update the package from the AUR to benefit from an update to a library. So, the moment a library that contains a vulnerability is updated (and those updates are pushed quickly by the distro maintainers), all packages that dynamically link to that library use the updated code without the vulnerability. Those packages do not have to be updated themselves.
Of course, this is not true for Flatpaks which statically link their own dependencies.
I never claimed that Xorg was more secure than Wayland. I'm just calling out Reddit-level when I see it. Parrots repeat all over the web: "wAylAnD iS MorE sEcuRE tHaN x11", yet nobody cares to provide a single argument or piece of evidence to support that nonsensical claim. It's not more secure, it's just as bad, except it has crippled functionality, so it's a bit more difficult to abuse.
XD me too
That's just dancing on words. You still need to update the package. An AUR package can have dependencies like binary files or download from Git too.
Wrong. If you update a dynamically linked library, you don't need to rebuild everything that uses that library, as long as the API remains unchanged.
That's the whole point of dynamically linking stuff.
For example, when you updated xz a few days ago, you didn't need to update everything that uses xz to benefit from that update, as long as the linkage was dynamic (which is true for all repo packages and most AUR packages). On the other hand, you probably still have a bunch of Flatpaks that contain an old version of xz bundled in them, statically linked. Maybe one day their maintainers will push an update for them. Maybe.
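Whether a given binary actually picks up the distro's updated liblzma, or carries its own copy, is something you can check rather than argue about: a dynamically linked executable records the libraries it needs as `DT_NEEDED` entries in its ELF dynamic section, and a library that is compiled in (or not used at all) simply does not appear there. The parser below is an added example, not code from any commenter, written in plain Python with no external dependencies so it runs inside any sandbox or extracted Flatpak tree. It assumes 64-bit little-endian ELF files whose section headers are still present (the program-header route for fully stripped binaries is deliberately left out); `/bin/sh` is only a default path for the demonstration.

```python
import os
import struct
import sys

SHT_DYNAMIC = 6          # section type of .dynamic
DT_NULL, DT_NEEDED = 0, 1  # dynamic-entry tags we care about


def dt_needed(path):
    """Return the DT_NEEDED entries (shared objects the loader must supply) of an ELF64 LE file.

    Walks the section header table to .dynamic, follows its sh_link to .dynstr, and collects
    every DT_NEEDED string. Assumption: section headers are present; if they were stripped
    the function returns [] rather than guessing.
    """
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF":
        raise ValueError(f"{path}: not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError(f"{path}: only ELFCLASS64 little-endian is handled by this example")
    # Elf64_Ehdr fields: e_shoff at 0x28, e_shentsize and e_shnum at 0x3A.
    e_shoff = struct.unpack_from("<Q", data, 0x28)[0]
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    if e_shoff == 0 or e_shnum == 0:
        return []
    # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, addralign, entsize
    sections = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    needed = []
    for sh in sections:
        if sh[1] != SHT_DYNAMIC:
            continue
        dyn_off, dyn_size, strtab_idx = sh[4], sh[5], sh[6]
        str_off, str_size = sections[strtab_idx][4], sections[strtab_idx][5]
        # Elf64_Dyn entries are 16 bytes: signed d_tag, unsigned d_val; list ends at DT_NULL.
        for pos in range(dyn_off, dyn_off + dyn_size, 16):
            d_tag, d_val = struct.unpack_from("<qQ", data, pos)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_NEEDED:
                start = str_off + d_val
                end = data.index(b"\x00", start, str_off + str_size)
                needed.append(data[start:end].decode("ascii", "replace"))
    return needed


def links_against(path, lib_prefix):
    """True if the binary asks the dynamic loader for a library named lib_prefix* (e.g. "liblzma").

    True means a system-wide update of that library reaches this binary at next start; False means
    the library is either unused or built in, where a fix only arrives when the binary is rebuilt.
    """
    return any(n.startswith(lib_prefix) for n in dt_needed(path))


def audit(paths, lib_prefix="liblzma"):
    """Map each existing file to whether it dynamically links lib_prefix; skips non-ELF files."""
    result = {}
    for p in paths:
        if not os.path.isfile(p):
            continue
        try:
            result[p] = links_against(p, lib_prefix)
        except ValueError:
            pass  # scripts, data files and 32-bit or big-endian ELFs are skipped
    return result


if __name__ == "__main__":
    for p in sys.argv[1:] or ["/bin/sh"]:
        print(p, dt_needed(p))
```

Run it over `/usr/bin/*` to see which system binaries declare liblzma, then over the executables and libraries inside an application's Flatpak installation: a binary there that shows no `liblzma` entry but still handles .xz data is carrying its own copy and will not be fixed by a system update, which is the precise thing the two commenters disagree about.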
Did you personally encounter such an issue with a Flatpak app? Or are you parroting what others say? This XZ issue wouldn't even make it to most Flatpaks, only to those which are maintained. And in such a situation they would update the packages as well, just like the distro maintainer updated. So you build something in your mind. And worse, such an infected package would infect all linked packages as well.
For example, there are packages in the official Arch repo which sometimes don't get updated for weeks.
I can provide an argument of why Wayland is less secure: because there's no way in hell anyone would be able to rewrite all programs ever written for Linux to completely exclude X11 / XWayland from their system.
So the vast majority of people will use X11 / XWayland alongside Wayland, which is very stupid.
The only thing you're doing by introducing it, therefore, is making your attack surface much bigger, and also making the life of both devs (by wasting their time) and ordinary users (by taking away some features they had for years and introducing new ) much worse.
No, of course I didn't. I'm not an idiot.
I don't use Flatpak.
But I understand how static linking works, to know it's a terrible idea.
This sure is entertaining. I don't know much about Linux so I can just sit back and relax.