You are not logged in.

#1 2021-10-23 10:43:42

Registered: 2021-10-23
Posts: 1

Aur Helpers...

I was thinking, that maybe the arrival of the ARCH based steam deck is a good thing and also maybe a bad thing for the community, I say this because of the following: it can bring more users and interested people to linux, but not everything is rosy. It can also bring people who come with bad intentions (Malware, bugs, etc...) nowadays it is almost impossible for an arch user not to use AUR, it is one of the best things that ARCH has and maybe one of the things that has made it more popular despite the risk involved.

So after thinking about the problem of having a high amount of users, I remembered something that torvalds said at some point: I would like linux to have a similar approach as ANDROID had, so I thought at that time that it would be a good idea to have an app-store compatible with AUR where users can both RATE the AUR and also add comments and have the option to report in case of malware (direct report with those responsible for reviewing this area), in case of bugs the report would go directly to the maintainer/developer of the AUR.

I understand that on the web you can review the AUR and there are comments but there is not enough interaction with the user (I bet almost nobody looks at the web) most of them just yay -S aur without looking. So the best thing would be an app-store developed directly by the same people in charge of ARCH this would avoid the problem of packages that exist with alternative tools to the one I raise in this post (Pamac, octopi) which almost always have problems when there are updates of pacman.

There may be users who do not agree with me for the reason that they want arch linux to continue to be considered a "difficult" distro but this is done for the sake of evolving and not become obsolete, what is not modernized dies, that's how the technological world works.

Last edited by Dansito (2021-10-23 13:46:21)


#2 2021-10-23 11:07:49

Forum Moderator
Registered: 2012-10-16
Posts: 21,154

Re: Aur Helpers...

The AUR already has a rating system. Whether people just do yay -S without checking then that's plain their problem it is clearly stated everywhere that the AUR is user provided and used at your own risk.

It already has an "app store vetted by the Arch team", it's called the normal repositories.

A vetted app store with AUR support by the Arch team is not going to happen, if you have a package that an actual packager is interested in they can just include it in the repositories. The entire point of the AUR is to have a repository that normal users can contribute packages that no existing TU is interested in or encumbered by licensing issues that prevent redistribution in the first place.

I also think that you are overthinking the problems this might cause. The average Deck user will not even know they are using Arch, all of the steam integration will be handled by Valve. Assuming existing popular AUR packages are maintained by trustworthy and active people then that will continue to be the case, if someone uploads actively malicious PKGBUILDs then you can report them, all of this infrastructure is already in place.

Seeing as Arch despite not having any of the aspirations you mention in your last sentence still was chosen as the base for a "modern" device seems to show that the place it is in is perfectly suited for the advanced use cases and they way things are handled apparently favorable for the use cases of people that actually contribute to it or use it as a base building block for something new. So I don't see why you think there's a need to change for anything here

Last edited by V1del (2021-10-23 11:12:07)


#3 2021-10-23 11:14:55

From: Norway
Registered: 2013-05-07
Posts: 258

Re: Aur Helpers...

The AUR wiki clearly states that the AUR packages are not user-produced and not official. And any use of the AUR is at your own risk. The wiki also includes steps for installing AUR packages (none of which mention an unofficial AUR helper), and those steps include verifying that the PKGBUILD and any other accompanying files are not malicious.

An AUR app store might furthermore make it appear that AUR packages are somehow officially supported, which they are not. So in my opinion, this is a bad idea.

In my opinion, if a user simply installs AUR packages without looking (which seems to be a common theme among users of pacman wrappers, such as yay), then they deserve any problems that may arise from such use.


#4 2021-10-23 12:31:26

Inspector Parrot
Registered: 2011-11-29
Posts: 29,373

Re: Aur Helpers...

First, please edit your first post to give this thread a real title - the current one is useless.


Dansito wrote:

I was thinking, that maybe the arrival of the ARCH based steam deck is a good thing and also maybe a bad thing for the community, I say this because of the following: it can bring more users and interested people to linux

Is this what you conclude is a good thing?  How?  Why?

Third, really, fix the title.

"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman


Board footer

Powered by FluxBB