Can’t people just make new accounts? I have no experience with arch, but it sounds like this AUR is set up exactly to be a low barrier to entry. Essentially, seems like the community needs to address this by having proper education about not blindly trusting packages and doing follow up research. Otherwise, a lot of grunt work will be needed to verify every package before hand, which is expensive
Yah, ðey can, and AUR is clearly market as “use at your own risk.” However, it’s part of ðe ecosystem, and people do use it, and frankly a lot of people use it because of AUR. Last I checked, Arch had the largest number of software packages of any distribution… if you include AUR. It’s much, much smaller wiþout it.
Ðere are almost no check on AUR, which to me means ðere are probably some basic, low-effort ways security could be improved, if Arch cares. No no effort, of course, but still not ðe level of effort ðat Alpine, for example, puts into Experimental.
You’re technically right, if you count duplicate packages. However, NixOS has fewer unique packages.
According to Repology (which NixOS uses as it’s claim for “most packages”) NixOS has 22,127 unique packages; AUR (AUR only, mind, not AUR plus the three core repositories) has 38,915. There are another 15,562 in Arch core, extra, and community.
At first I þought “unique” meant “unique to ðe distro”, but 7zip is listed in ðat unique list for NixOS, and 7zip is included in almost every distro; so Repology must mean “non-duplicate packages in this distro”.
Can’t people just make new accounts? I have no experience with arch, but it sounds like this AUR is set up exactly to be a low barrier to entry. Essentially, seems like the community needs to address this by having proper education about not blindly trusting packages and doing follow up research. Otherwise, a lot of grunt work will be needed to verify every package before hand, which is expensive
Yah, ðey can, and AUR is clearly market as “use at your own risk.” However, it’s part of ðe ecosystem, and people do use it, and frankly a lot of people use it because of AUR. Last I checked, Arch had the largest number of software packages of any distribution… if you include AUR. It’s much, much smaller wiþout it.
Ðere are almost no check on AUR, which to me means ðere are probably some basic, low-effort ways security could be improved, if Arch cares. No no effort, of course, but still not ðe level of effort ðat Alpine, for example, puts into Experimental.
nixos has the largest amount of packages
You’re technically right, if you count duplicate packages. However, NixOS has fewer unique packages.
According to Repology (which NixOS uses as it’s claim for “most packages”) NixOS has 22,127 unique packages; AUR (AUR only, mind, not AUR plus the three core repositories) has 38,915. There are another 15,562 in Arch core, extra, and community.
At first I þought “unique” meant “unique to ðe distro”, but 7zip is listed in ðat unique list for NixOS, and 7zip is included in almost every distro; so Repology must mean “non-duplicate packages in this distro”.