I agree. Same here.
I still use it for one package (mailspring). Same maintainer.
You will probably get away with that, because you know the package and can keep an eye on it.
There may be an alternative like getting it from the original developer, or getting source code from GitHub and compiling it yourself.
I went ahead and got a flatpak version going.
Good move. That is safer. Flatpak is a reasonably trustworthy source.
I love the concept of AUR. It's very similar to Slackbuilds. It's a shame when people do something malicious instead of trying to contribute to a community. Unfortunately, it makes the community feel unsafe. It can prevent people from working and building together. I've read suggestions that there are those who consider some kind of trust system or trust ratings would improve situations like these. Can't say I've been impressed with any trust implementations I've seen to date. Free Software is open for a reason. We can read the code and the scripts we run. I think the safest solution is to look through the code before running something on your system. It's one of the reasons I prefer simple, low dependency software that does one thing well. Large pieces of software with hundreds of dependencies are not a highly achievable target for auditing purposes especially if you want to know exactly what's running on your system. However, if a program or script is small, clean and low dependency without requiring a bunch of languages or unreadable binary files, it is easier for one person to audit and understand. I think we need to do that for ourselves not just rely on some anonymous upstream source to tell us what we install is safe to run.
That is fine for users who have sufficient knowledge to read scripts or code, and is also a good argument for writing clean code.
but
what are less knowledgeable users to do? Their only safe option is avoidance.
Personally, I really enjoy looking at well written code or scripts. Apart from safety checking, you learn from the work of others.
but
I have no idea if it would be possible to put together a system entirely from such code. Maybe CLI only… DEs are riddled with dependencies and often use C++, which I regard as unreadable.
2 posts were merged into an existing topic: Building a system from simple components
2 posts were split to a new topic: Building a system from simple components
I don't get it… the last 2 replies were moved to a new topic, but copies are still here? Two other replies involving Howard were also moved.
Please reply to those 2 in the new topic.
At present, there is nothing I want/need on Garuda Mokka Linux that I can't get from the standard Garuda repositories, which include Chaotic AUR. Packages in the Chaotic AUR are ones from the Arch AUR and vetted the same as any other Garuda repository. This may be one reason for my initial statement (above). When I first began to use Garuda Linux, I was a OneDrive user, so I searched the Internet for a OneDrive client for GNU/Linux and found one on GitHub, and learned that it's available from the Arch AUR when viewing the Install Guide, so I used the installation command provided in that guide.
I no longer use OneDrive due to Microsoft's incessant nagging that I do so as well as the fact that they limit free data storage to 5GB. Currently, I use mega.nz due to their zero-knowledge end-to-end encryption, 20 GB storage with their free plan, and the fact that I'm never pestered to try/use any newly available feature.
My recommendation is the same as it has always been: since the packages in the AUR are community submitted without any vetting, avoid using them if at all possible, and if you find that you can't find an app either in your distribution's official repositories or on Flatpak, then proceed with the utmost caution or find an alternative.
Ernie