Pamac/Octopi/Pacseek Alternatives- To AUR or Not to AUR?

Discover shouldn’t be used for Arch or AUR package management as it can leave you with a broken system. It’s fine for flatpaks though.

The best and most straightforward way of managing your packages is via terminal and using pacman. Or yay.

If you would like to have something nice to look at, by all means, use Discover if you are on KDE Plasma.
But not for installing or updating packages from the repos. As has been said.

Use it to browse the repos.

Believe it or not @MyNameIsRichard, I was expecting such an answer.
So, I am only left with pacseek, yay or pacman.
Thank you all for all your valuable feedback.

There is also the option to use Octopi, which is GUI-based.
In comparison to pamac, which could break things, it’s not that intrusive, fairly lightweight and provides a more convenient approach to install packages due to the GUI.

I’ve got it installed and use it mostly to check which packages are currently installed and for its notifier app that would report if there are new package updates available.


@1093i3511, the thread title says alternative to Octopi

I feel compelled to defend the Chaotic-AUR team because I know those guys break their backs to keep that repo in good shape. It is driven by automation as you say, but there is quite a bit of time and manual effort that goes into maintaining it as well.

Users can request packages be added to the repo on the GitHub issue page (https://github.com/chaotic-aur/packages/issues), but they are not just blindly added. One of the team members looks over the PKGBUILD and determines if the package should be added or not. Often a good deal of consideration and back-and-forth discussion is involved; open up some of the issues on the page and you will see what I mean.

After a package is approved to be added to the repo, sometimes even more work is required. Here is the interferes repo:

Inside each directory is a modification which will be applied to the PKGBUILD before the build process begins. Being able to deviate from the AUR version of the PKGBUILD allows them to fix broken packages, apply changes that benefit the build routine, or add optimizations for the package itself.

The entire build process is completely transparent, and the website is actually pretty interesting to look through. For example, here is the build status page:

You can examine the pipeline, see what packages are being updated, or inspect the logs for a failed build if you want to. A lot of it goes over my head to be honest, but it’s still pretty neat I think.

Is it possible to sneak a malicious package into the Chaotic-AUR? Yes, absolutely it is. There are tons of packages in there, and a comparatively small team to look after everything. There is no way they can vouch for every package in the repo.

But if anything, it’s harder to get a malicious package into the Chaotic-AUR than the regular AUR because there is the additional barrier of the team checking over packages during the approval process, and while performing maintenance tasks. That is not to say people should use it or blindly trust the packages in it, but rather to say it is unlikely to be more risky than installing the same package from the AUR itself.

At the end of the day, as with the regular AUR, it is ultimately up to the user to review the package and inspect the PKGBUILD to decide if they would like to install a package or not.


Speaking of Pacseek and reviewing PKGBUILDs, you can review the PKGBUILD for any package from within Pacseek itself by pressing Ctrl+P.

You can also press Ctrl+O to visit whatever URL is listed for the package. A very handy tool for reviewing packages! 😎

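An added example, not part of any post in this thread and not Chaotic-AUR or Pacseek code: one way to act on the advice above about reviewing a PKGBUILD again after it has been updated. It narrows the check to the fields that decide what is downloaded and which install scriptlet runs; the function names, package name, URLs and checksum values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the PKGBUILD lines that decide
# what is downloaded and which scriptlet runs as root: url, source arrays,
# checksum arrays, install=. Multi-line arrays are followed to their ")".
review_fields() {
    awk '
        in_arr { print; if (/\)/) in_arr = 0; next }
        /^(url|install|source|[a-z0-9]+sums)(_[a-z0-9_]+)?=/ {
            print
            if (/=\(/ && !/\)/) in_arr = 1
        }' "$1"
}

# Returns 0 if those fields are identical in both files, 1 (and prints a
# unified diff) if they changed since the copy you last reviewed.
# Changes inside build()/package() are out of scope here: read the full diff.
pkgbuild_delta() {
    old=$(mktemp); new=$(mktemp); rc=0
    review_fields "$1" > "$old"
    review_fields "$2" > "$new"
    diff -u "$old" "$new" || rc=1
    rm -f "$old" "$new"
    return "$rc"
}

# Constructed sample data: package name, URLs and checksums are made up.
demo=$(mktemp -d)
cat > "$demo/reviewed" <<'EOF'
pkgname=example-tool
pkgver=1.0
url="https://example.org/example-tool"
source=("https://example.org/dl/example-tool-$pkgver.tar.gz")
sha256sums=('CONSTRUCTED_PLACEHOLDER')
build() { make; }
EOF
cat > "$demo/updated" <<'EOF'
pkgname=example-tool
pkgver=1.1
url="https://example.org/example-tool"
source=(
  "https://mirror.example.net/example-tool-$pkgver.tar.gz"
)
sha256sums=('SKIP')
install=example-tool.install
build() { make; }
EOF

if ! pkgbuild_delta "$demo/reviewed" "$demo/updated"; then
    echo "source, checksum or install fields changed: review before building"
fi
```

In the constructed update the download host changes, the checksum becomes `SKIP` and an install scriptlet appears, which are the kinds of change a version-bump update should not need.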

Thank you for taking your time to write such a thorough post explaining aspects of the process of package building by chaotic-aur.

I do hope that you understand that my intention of writing what I have written above was not to attack anybody or any team. Nor was it intended to express disregard to their hard work.

And my main concern is the lack of revision of the PKGBUILDs when they are updated in AUR and pulled automatically by chaotic-aur. If I am wrong about this, please correct me. I would appreciate it.

So at the end, even though you have the signing keys in your pacman keys and the repository in your pacman.conf etc. and installing that software you always wanted is being just a sudo pacman -S away:

Thanks again for your clarification!
