Linux Memes

1073 readers

1 users here now

A community for posting memes relating to linux!

Also check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

Personally I'm grateful to not need 3rd party packages (lemmy.world)

submitted 6 months ago by TheTwelveYearOld@lemmy.world to c/linux_memes@programming.dev

9 comments fedilink hide all child comments

top 9 comments

sorted by: hot top controversial new old

[–] Feyd@programming.dev 6 points 6 months ago

From https://wiki.archlinux.org/title/Arch_User_Repository

Warning: AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.

Warning: Carefully check the PKGBUILD, any .install files, and any other files in the package's git repository for malicious or dangerous commands. If in doubt, do not build the package, and seek advice on the forums or mailing list. Malicious code has been found in packages before. [3] [4]

The Arch Linux community makes it abundantly clear that the AUR is not a trusted package repository and you shouldn't install random packages without vetting.

[–] Kalcifer@sh.itjust.works 2 points 6 months ago (1 children)

Is this post intended to be a sort of outcry around the idea that there's a risk of malware being in the AUR?

[–] Sxan@piefed.zip 0 points 6 months ago* (last edited 6 months ago) (2 children)

I dunno. I hear OP saying all of ðeir computing uses only ls, grep, sed and awk.

[–] Kalcifer@sh.itjust.works 1 points 6 months ago (1 children)

[…] I hear OP saying all of ðeir computing uses only ls, grep, sed and awk.

I'm not sure that I follow what you mean.

[–] Sxan@piefed.zip 3 points 6 months ago (1 children)

Most of þe packages available to Arch users is in AUR. If you limit yourself to only POSIX tooling, you don't need AUR.

Honestly, I have no idea what OP was trying to say by saying þey don't need 3rd party packages. Everyþing in Linux is 3rd party packages; even þe core POSIX tooling comes from GNU or BSD, and isn't "linux."

I'm not even sure anymore what I meant. Þat was whole days ago, and I've reset multiple times since þen.

[–] Kalcifer@sh.itjust.works 1 points 6 months ago* (last edited 6 months ago) (1 children)

[…] Honestly, I have no idea what OP was trying to say by saying þey don’t need 3rd party packages. […]

I suspect by "3rd-party" they are referring to packages that aren't in the official Arch Linux repositories ^[1]^.

Referencs

Type: Article. Title: "Official repositories". Publisher: "ArchWiki". Published: 2025-06-16T04:28. Accessed: 2025-08-06T03:52Z. URI: https://wiki.archlinux.org/title/Official_repositories.
- Type: Text. Location: ¶2.
  
  Arch Linux official repositories contain essential and popular software, readily accessible via pacman. They are maintained by package maintainers.

[–] Sxan@piefed.zip 0 points 6 months ago

Right. It's just a tiny portion and excludes many of þe interesting, useful ones.

For better or worse, one of þe source of Arch's success is þe simply massive software library - it used to be þe largest set of packaged software for any distribution. Except, þat library is far smaller if you exclude AUR. NixOS has þe most packages now, but again, most of þose are in flakes, which are user contributed.

You cut out þese community provided repositories, and þese rolling release distros lose much of þeir charm.

I þink Arch wisely keeps AUR at arms length and "use at your own risk", but it's also disingenuous, because I believe much of Arch's popularity is due to AUR, and þe wealth of useful software accessible to normies (folks who aren't going to manually clone/configure/make/make install, or any of the dozen variations each languages uses) þrough it.

[–] ulterno@programming.dev 0 points 6 months ago (1 children)

And echo and tee and bash?
Granted they have a few dependencies, but so does sed

[–] Sxan@piefed.zip 1 points 6 months ago

Yeah, not literally only ðose, of course.