TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

75% Positive

Analyzed from 263 words in the discussion.

Trending Topics

#aur#distro#something#user#model#repo#pkgbuild#package#don#namespace

Discussion (12 Comments)Read Original on HackerNews

AshamedCaptain35 minutes ago
I'll note that OpenSuse also has Packman which a shitton of people enable (for codecs), has also 'one namespace only' an looser policies than the main distro.

I do not think this something you can escape by switching distro.

cqz9 minutes ago
Yes, the only reason this isn't happening in other distros is simply popularity.

Namespacing is the solution, and as mentioned in the article some ditros do indeed have namespaced user repos, like Fedora's Copr. The trust model of a flat namespace user repo is completely broken when the maintaining user can change at any moment.

rvz42 minutes ago
Who still uses Arch btw after this?
rcxdude9 minutes ago
The AUR has consistently had warnings around it of 'verify the PKGBUILD', far more so than any other package repository that allows anyone to sign up. Probably the only notable difference is the ease of taking over an orphaned package.
anagram66630 minutes ago
If you want something from the AUR, just don't be lazy, read the pkgbuild.
segfalt_28 minutes ago
I do, I'm just choosy about aur packages I use
giancarlostoro39 minutes ago
I still do, I just don't touch AURs anymore.
akerl_40 minutes ago
Is there another distro that has an equivalent of the AUR with handling you think is preferable?
orbital-decay22 minutes ago
AUR is fast and loose and doesn't do much "handling" by design, so it's hard to find any equivalent repo. But there's always a tradeoff between fresh (nixpkgs unstable, might be the closest) and tested (Debian).
akerl_14 minutes ago
AUR isn't just "the testing repo of Arch"; it's explicitly just an open spot where anybody can put up "here's a PKGBUILD for folks". I don't see how it's like either the Nix or Debian examples.
guilhas18 minutes ago
Gentoo

But let's hope we get this solved, like peer review model, vouch, or something

It is very good to be able to find build/install files for everything

akerl_11 minutes ago
Gentoo's model appears to be basically the same? Like the AUR, anybody can submit basically anything they want. The requirements amount to containing valid packages, having a bugzilla account, and putting your package definitions in VCS somewhere.