I just noticed that ‘beeper’ the unified messaging platform is now available on the AUR repo. Previously, I was only able to download it from the official website in AppImage format. I am wondering, generally speaking, what is the benefit exactly if I switch to the AUR version of an application coming from AppImage or potentially even FlatPak?
So far, I have been practising sourcing apps in this priority order:
Official repo > AUR repo > Flatpak > AppImage
I’d say you should switch that order to Official Repo > Official AppImage (if available) > AUR > Flatpak
From what I’ve read, there’s no way to check the contents of FlatPaks, so they should be treated like potential viruses/adware/etc.
As for the AUR, though you can check the contents, if you don’t actually understand it, it doesn’t matter. This of course is true for any app, even if it’s straight from the developer.
And the reason Official AppImages are second for me is that you are getting it straight from the developer - unless someone went through the trouble of spoofing the site
But I understand that updating an app manually will feel like you are using Windoze, which is why the ones I have are non-essential apps for the most part.
From this list, only Filen is necessary. The rest are for convenience (Freetube, OnlyOffice, Tutanota), testing (activitywatch, joplin, moosync, novelWriter, ungoogled), or just to play around (gifcurry, PureRef).
PCloud is essential too, but I switched to Filen, so it’s just there to be updated automatically.
I have heard this too and I still don’t know whether to believe it or not. On one hand you hear this and on the other hand you have people say Flatpaks is all they will ever use because it’s safer lol. What’s the real deal here?
The real deal is that FlatPaks are safer for your system because you can put any number of restrictions on them. However, you can’t actually check the source code the way you could for the AUR.
Again, being able to check the source code is irrelevant if you don’t know what you are looking for.
They are technically far safer than the AUR. It’s a game of install what you trust enough on your system. In many cases though, probably most, people’s data security threat levels are tiny, and they don’t need to worry about this stuff at all.
For what it’s worth, I would only use official Arch repo and the AUR. With the official Arch repo and the AUR, you can see exactly what the pkgbuild file is doing and from where it’s pulling the source code. All containerized application delivery methods are hiding the code within the container system. AppImage is probably the most transparent, but they all are suspect in my view.
Personally, I wouldn’t recommend that as a general rule.
You have no idea what is in the appimage. Keep in mind that the appimage doesn’t only contain the application. It contains the application and all the libraries required to run it. Often appimage developers will include outdated, insecure or other problematic software in their appimages. Just because an appimage is official, doesn’t mean it is safe to run on your system.
I completely get this. But this is a risk I take with everything, even the Official Arch Repo. I trust people I don’t know to do the right thing simply because they have a reputation to uphold. Which is why I said this after:
I guess the main difference is that Arch tries to include updated dependencies and such.
This is questionable thinking. The people who package for Arch (or most other major distros) have standards they work against and have a good knowledge of what they are doing.
While you might think that the people who develop software would have the same skills and knowledge, in practice, most of them don’t. It is surprisingly common to see mistakes being made here or, in some cases, devs just being lazy and including things they know work instead of updating them.
since you asked:
makes more sense to AUR. If you know what you are looking for when viewing another’s work (great tutorials here). Updates with the system, natively.
To me: AppImages are a PITA. They don’t dock all the time, at least for me. I don’t want to have to write it into a desktop file, it cuts into precious lager time. Have to launch them independently. Even after changing permissions (mandatory) there’s no guarantee it will launch and I’d say it’s that way with 1 out of 4 or 5. Yeah 20% no matter how much gushing about appimage you hear elsewhere. And another thing–it’s often immune to the system theme…
Its only pro is it’s sandboxed ootb but that’s not enough to dismiss the other stuff.
edit: forgot to add “2 cents/that’s just like my opinion,man”
Actually it’s always been Budgie, based off the GNOME stack. It would make sense, in a funny way, if the appimage was distro-agnostic, but I agree with you there are factors that probably determine all that behavior I described.
I’m always trying to stick with official repos and if needed AUR while checking the pkgbuild contents, the only time I use flatpaks is, if I can’t find it the other ways described before.
Lately I’ve seen this distrobox thing, looks really interesting, too. But I didn’t have time to take a closer look til now.
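The PKGBUILD check several posters mention, as an added example that is not part of the thread: a read-only review that lists where a PKGBUILD pulls files from and flags skipped checksums, plain-HTTP sources, install scriptlets and download-to-shell lines. The sample PKGBUILD (package name, URLs, checksum) is constructed, and the finding labels are this example's own.

```shell
#!/bin/sh
# Added example: static PKGBUILD review. The file is only read, never sourced,
# because sourcing a PKGBUILD executes it.

# Constructed sample; package name, URLs and checksum are made up.
sample_pkgbuild() {
cat <<'EOF'
pkgname=example-app-bin
pkgver=1.2.3
install=example-app.install
source=("https://example.org/releases/example-app-${pkgver}.AppImage"
        "http://mirror.example.net/icons/example-app.png")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP')
package() {
  install -Dm755 "example-app-${pkgver}.AppImage" "$pkgdir/opt/example-app/app"
  curl -s https://example.org/post-install.sh | sh
}
EOF
}

# review_pkgbuild FILE: print one finding per line for a human to follow up on.
review_pkgbuild() {
  f=$1
  # Every remote location mentioned: where the package pulls its files from.
  grep -Eo "(https?|ftp)://[^\"' )]+" "$f" | sort -u | sed 's/^/SOURCE /'
  # Downloads without transport security.
  grep -Eo "(http|ftp)://[^\"' )]+" "$f" | sort -u | sed 's/^/PLAINTEXT /'
  # Checksum entries set to SKIP are not integrity-checked by makepkg.
  n=$(grep -ow 'SKIP' "$f" | wc -l)
  if [ "$n" -gt 0 ]; then
    echo "NOCHECKSUM $n source(s) marked SKIP"
  fi
  # install= names a scriptlet that pacman runs as root; read that file too.
  grep -E '^install=' "$f" | sed 's/^/SCRIPTLET /'
  # Build or package steps that pipe a download straight into a shell.
  grep -nE '(curl|wget)[^|]*\|[[:space:]]*(ba)?sh' "$f" | sed 's/^/NETEXEC line /'
  return 0
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_pkgbuild > "$tmp"
review_pkgbuild "$tmp"
rm -f "$tmp"
```

A clean run only means none of these patterns matched; the build and package functions still need to be read.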