Pamac/Octopi/Pacseek Alternatives - To AUR or Not to AUR?

Yes, I think it is; that is probably why I remembered it, sounded a bit weird to me :smiley:

I will always AUR!

Some people may be tempted to use this kind of third-party repository for convenience. However, if the packages are built automatically by bots and there is no revision of the PKGBUILDs, I don’t think that’s a very good idea.

I guess you’ll chuckle at first when I tell you that Donald Knuth developed LaTeX. And that this fact has nothing to do with clothing made of Latex rubber.

I guess some people like to live on the edge :smiley:

Thanks @dalto for your feedback. This, with what @keescase and @thefrog said, makes me feel more comfortable with AUR.

1 Like

Me too, I like living on the edge. That’s why I am using Arch. But I wouldn’t want to trade the security of my system for the convenience of installing packages from a repo whose build process I have no insight into.

I had a vague memory of a post on the forum by @dalto. Here it is:

2 Likes

He should have called it Knuth; that would have been an original name, I think.

This is what made me ask initially!

1 Like

That is saying you should use the AUR instead of using 3rd party repos.

3 Likes

Wait a minute, haven’t you pulled the 6.14 kernel out of the testing repository?

Yes. I don’t regard the Testing repo as a third-party repository. It is already included in your pacman.conf. Disabled by default, yes, but official nevertheless.

And I consider it as a testing environment for potential releases which haven’t proven to be stable yet, as the name suggests.

I understand for sure @dalto, I mean this confirms what I said at the beginning and why I was worried about AUR.

We were talking about security and not stability. What is in testing repo may introduce instability, sure.

Even so, when it comes to the latest released kernels, they have already undergone 7 weeks of testing, bugfixes and stabilization by Linux kernel developers before they are released, and only then are they built by Arch and get into the testing repo.

1 Like

That might be true for the kernel, but generally I wouldn’t recommend using the testing repo at all. Especially for a new user, it may result in issues when some dependencies are broken.

Thus, as this thread was obviously started by a user who isn’t that familiar with the way Arch is managing things, it should be made clear that the testing repo should be avoided, even if official or listed in the pacman.conf.

I wasn’t advocating for the use of the Testing repo.

You brought up the fact that I had used the Testing repo for installing kernels which was irrelevant to the discussion about third party repos.

Anyways, I was just expressing my concerns about using third party for installing software. The point was the process used by some third-party repositories for building packages and if they should be trusted or not.

Specifically, chaotic-aur, where the PKGBUILDs are pulled from AUR and built automatically. I may be wrong, but I don’t think the PKGBUILDs undergo checking in this process. What if some uploader inadvertently and by mistake introduces some bad line in the PKGBUILD in AUR? Would you trust, and regard as secure, installing a binary built on it? I certainly wouldn’t.

But, you are right, Arch’s Testing repo should only be used for the purpose of testing and not on production systems where stability is a requirement.

Avoid any use of the testing repository, even individual packages from testing. These packages are experimental and not suitable for a stable system.

https://wiki.archlinux.org/title/System_maintenance#Use_proven_software_packages

I must also add, when it comes to kernels, what Arch considers as testing may not be considered as such by other Arch-based systems. Have a look at CachyOS’ repository, for example, where 6.14 in different iterations is part of their official “stable” repo.

Yes @1093i3511, I was not perfectly sure how things go. I was under the impression that AUR was for testing or for “anybody” to upload “anything”, but @dalto as usual clarified things for me. I have a much better understanding of what AUR is about.

1 Like

What about KDE Discover? I read many threads; one of them was KDE 'Discover' issues arise? - #18 by rich52. Is it OK? Can it be used as a frontend to software install? Would it break the rules of preferring command line install?

Not for repo software, no. It should not be used.

You can use it to install flatpaks if you use flatpaks.

It has nothing to do with command line or not. It uses PackageKit and you should never use PackageKit-based tools on Arch-based distros.

If you want to use a graphical package manager, use one that properly supports Arch-based distros. Octopi, pamac or bauh.