this post was submitted on 25 Feb 2026
439 points (96.4% liked)

linuxmemes

30261 readers
1162 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
  • Don't get baited into back-and-forth insults. We are not animals.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn, no politics, no trolling or ragebaiting.
  • Don't come looking for advice, this is not the right community.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
    • 5. πŸ‡¬πŸ‡§ Language/язык/Sprache
  • This is primarily an English-speaking community. πŸ‡¬πŸ‡§πŸ‡¦πŸ‡ΊπŸ‡ΊπŸ‡Έ
  • Comments written in other languages are allowed.
  • The substance of a post should be comprehensible for people who only speak English.
  • Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
    • 6. (NEW!) Regarding public figuresWe all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.
  • Keep discussions polite and free of disparagement.
  • We are never in possession of all of the facts. Defamatory comments will not be tolerated.
  • Discussions that get too heated will be locked and offending comments removed.
    • Β 

    Please report posts and comments that break these rules!

    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

    founded 2 years ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    439
    huh. didn't expect that (lemmy.world)
    submitted 1 day ago* (last edited 11 hours ago) by MousePotatoDoesStuff@lemmy.world to c/linuxmemes@lemmy.world
    82 comments fedilink hide all child comments
     

    DISCLAIMER: Arch Linux is not a beginner friendly distribution, and this is not a recommendation or good practice.

    I know how to use pacman -S. I have yet to experience a Discover related issue after months of use.

    you are viewing a single comment's thread
    view the rest of the comments
    [–] anyhow2503@lemmy.world 14 points 1 day ago (1 children)

    The AUR is a great resource but it's also being sold as a package repository users don't need to actively think about or understand. I honestly think malware is going to be much more common on the AUR if we aren't careful.

    [–] copygirl@lemmy.blahaj.zone 2 points 23 hours ago (1 children)

    I keep hearing this claim online but the Arch bible (which you really should be familiar with if you use Arch) and pretty much everyone that knows anything will tell you that the AUR is useful, but not something to blindly use. I recommend everyone check the PKGBUILD, verify the source URLs are correct, and check the diffs when updating. It's not that much effort.

    And since it comes from a single (user) package repository, you'll probably have hundreds of people doing the same, or even going a step or two further and looking into the code, reporting the package if anything bad is going on. Still miles better than downloading .exe files you find from a Google search, even if you were lazy and didn't do the aforementioned checks. (But if you don't do that, you should probably just use Flatpaks or similar.)

    [–] anyhow2503@lemmy.world 5 points 22 hours ago (1 children)

    All official resources, Arch maintainers and high quality guides have been putting a ton of effort into teaching people how to use the AUR safely. That hasn't stopped some people, even back before Arch got really popular, but you can't reach everyone. Alternative package managers and pacman wrappers made the AUR a lot more accessible, which isn't necessarily a bad thing, but there are good reasons for all the caution. Combine that with Arch increasing in popularity and getting picked up by all the shitty influencers and you get a lot of people ,who don't know what they're doing, installing everything from the AUR with their CLI/GUI of choice. Then you've got Arch derivatives making AUR packages easily accessible from the start, bad advice on places like reddit etc.

    Long story short: it seems that over the years whenever I check in, users that barely know how it works are happily installing random shit from random people on the AUR because they saw it in a YT video or something.

    [–] copygirl@lemmy.blahaj.zone 1 points 21 hours ago (1 children)

    That makes sense, but what's the alternative here? Linux is freedom, so that means freedom to run / install anything you want, including malware if you're not careful. Maybe if you discourage people from using the AUR, they will install it through other means, like a developer-provided Flatpak or AppImage. But if that's not available or doesn't work, then it's nothing (= sad user), or you're back to "Google, then download ~~an .exe~~ the first thing you can run" or just curl | sh. Is that better? (Assuming we're still talking about the kind of people who would skip vetting what they install.)

    [–] anyhow2503@lemmy.world 2 points 18 hours ago

    I mean, yeah that would be my solution. I get that the AUR is attractive, precisely because it has a low barrier for anyone to submit their PKGBUILD. The level of oversight and verification is just a bit too low to recommend it to an average user, without a lot of caution. You've mentioned some alternatives that fall on different points along the spectrum of delivering software. Something like flatpak is a much more reliable tool in the hands of someone who just wants a GUI app and not think about how it gets to their desktop. For everything else that isn't part of your distros repositories, there's really not a good noob-friendly solution that doesn't carry a big potential risk. Most distros have third-party repositories that use the same underlying tools to deliver software, but are less strict about QA and stuff. This is kind of a bad fit for rolling release distros in my opinion and is probably one of the reasons the AUR is so hands-off and DIY oriented.

    There's probably a better way to handle this, but I don't think it's an easy thing to solve (especially for the rolling release model) and the AUR isn't really appropriate for mass-consumption by average users. Also, there will always be a certain point beyond which you're on your own, it's just not feasible to have reliable, safe, distro-agnostic packaging for every piece of software out there.