You are not logged in.

#26 2022-11-11 19:48:47

icar
Member
From: Catalunya
Registered: 2020-07-31
Posts: 542

Re: is there a way to install aur packages without building them?

jasonwryan wrote:
benibilme wrote:

One more question. What do you think about flatpak security. Could flatpak be more trust wordy than AUR packages if I use only official repositories.

https://flatkill.org/

In defense of Flatpak beyond my positive experience, there is this: https://blogs.gnome.org/uraeus/2021/09/ … x-desktop/

Offline

#27 2022-11-11 19:58:52

seth
Member
Registered: 2012-09-03
Posts: 66,149

Re: is there a way to install aur packages without building them?

https://xkcd.com/927/
Edit: almost a textbook example…

Last edited by seth (2022-11-11 19:59:21)

Online

#28 2022-11-12 23:34:06

lfitzgerald
Member
Registered: 2021-07-16
Posts: 174

Re: is there a way to install aur packages without building them?

jasonwryan wrote:

This is like buying a fancy new lock for your house, leaving it unlocked, then blaming the lock manufacturer when you get robbed. Flatpak packagers opening up the whole disk is PEBKAC not a flatpak bug. Also can't you restrict it more when running, regardless of default permissions? But I suppose it's useful to know an ecosystem is full of idiots before deciding to use it.

Offline

#29 2022-11-13 01:34:45

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 30,386
Website

Re: is there a way to install aur packages without building them?

lfitzgerald wrote:

Flatpak packagers ...

Was the irony here deliberate?


"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman

Online

#30 2022-11-13 08:38:28

seth
Member
Registered: 2012-09-03
Posts: 66,149

Re: is there a way to install aur packages without building them?

Flatpak packagers opening up the whole disk is PEBKAC not a flatpak bug.

The problem here is that you're shifting the exposure responsibility of your system from your distro and yourself to your distro, yourself and random idiots¹ and exploit ridden dated libraries from the days of yore.
The flatpak promise is to provide shielding against that, but the shield works like https://en.wikipedia.org/wiki/Cooperative_multitasking … that's not a PEBCAK but consumer misleading.

1) container systems are popular w/ people who cannot write compiler or API aware code and rely on very specific library versions - how do you assume they'll "solve" any kind of host access issues?

Online

Board footer

Powered by FluxBB