• fruitcantfly@programming.dev
      2 days ago

      AUR is not unique in being a user repository, but it seems somewhat unique in having basically zero oversight. Which is a bad idea for reasons that should be painfully obvious by now.

      For comparison, Gentoo’s GURU repository allows everyone to submit packages, but limits the ability to accept these submissions to a subset of trusted users.

      • BB_C@programming.dev
        2 days ago

        All community projects are open contribution. Most non-community ones too. You know, almost the whole point of open-source!

        But that’s not the same as “user repo”, which is a wild west concept on purpose.

      • kieron115@startrek.website
        2 days ago

        GURU bills itself as an official repository that’s user-maintained. AUR makes no claims of being official as far as I can see from their website.

          • BB_C@programming.dev
            2 days ago

            It’s officially centrally hosting the non-pre-moderated non-official user contributed build-scripts, where “user” means literally anyone.

            I’m not sure what argument you’re trying to “win”, and to what end. Or why do you think anyone would care about the manufactured confusion you’re trying to concoct.

            • fruitcantfly@programming.dev
              2 days ago

              Which is not much different from the disclaimer about GURU, though GURU does a much better job at explaining the risks involved in using it:

              Disclaimer

              Please note that the GURU project is maintained and reviewed entirely by Gentoo users. It is only subject to minimal supervision from individual Gentoo developers, and is not supported by projects such as Gentoo Security. While our Trusted Contributors do their best to keep GURU safe, it is possible for it to contain vulnerable, badly broken or even malicious software. You are using it on your own responsibility.

      • Solemarc@lemmy.world
        2 days ago

        I don’t use any AUR packages; I don’t even have an AUR helper installed ATM. If it’s not in core/extra/multilib I use Flatpak. Generally I will go to Flatpaks for userland apps; Krita and Firefox are both in extra (I think?), and I still use the Flatpaks for both. If I’m going to use the AUR I would generally prefer to just build from source.

      • moonpiedumplings@programming.dev
        2 days ago

        Me!!

        I stopped using it a while ago, and I get all my non-Arch-packaged packages from nixpkgs. Nixpkgs is bigger than the AUR and the Arch repos combined. It has pretty much all of the stuff I would have otherwise gotten from the AUR. But I find NixOS frustrating to use, so I stick to Arch.

        I felt extremely vindicated in my decision to avoid the AUR when the AUR malware happened.