this post was submitted on 05 Aug 2024
417 points (93.3% liked)
Linux
48655 readers
1084 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Now actually use it for a couple of years. Then you'll see whats special about it.
For me personally, Ubuntu was breaking on every dist upgrade, the software was always out of date or not available in the repos. Been running arch for 5 years, same install, even transplanted it over to newer computers without issues. When some package is missing, I can throw together a PKGBUILD with chatgpt and put it on the AUR for others to use. It fucking rocks and is extremely sturdy while allowing me to do with it whatever I want.
But yeah, besides that, it's just a linux. The individual things it does well are not even exclusive to arch. Ideally, you should not think about your OS at all and it should be out of your way, while you do something on it.
Any major Linux distribution has a system for building packages, it's not something special to Arch. In fact, Arch's great advantage of the aur repository actually becomes a disadvantage by introducing instability and insecurity into your system when you add programs from that repository. It's amazing that people criticize Windows security with .exe's and then install packages from external repositories with the security of "trust in the repository". How can you trust code with root access to the system just because it's in the aur repository? That's the main question I would ask Arch users.
Well there is far less malware on Linux tbf so comparison is not completely accurate. But same caution applies, try to vet and understand what you install. That part is also easier with the AUR as it's transparent in the packagebuild what it does unlike random exes with closed source. It's also a large community with many eyes on the code so unless it's a package with few users then it's gonna get caught pretty quickly.
That is, you admit that most aur users delegate that function to other eyes instead of auditing the external code they are installing. A user repository outside of the official distribution repository is not a secure means of installing packages on the system, which may have root access to the system and the source code may change with each package update. Do you think that every time there is an update to a package that is not widely used, others will audit the source code for you? For that reason I stopped using Aur and by extension Arch, as their software catalog outside of aur is small.
Your comparison was with random exes on the most targeted, malware infested operating system out there.
Many eyes are always better than no eyes. I'm not saying you shouldn't vet the code stop misinterpreting but no one knows or catches everything by themselves. That's why security needs transparency. If it's as insecure as you're saying we would have way bigger problems but we don't. AUR is not as safe as the Arch repository sure, but definitely safer than installing random exes on Windows. It's a flawed comparison you're making.
If you're paranoid you should be on an immutable distro cause xz backdoor was in some official repos. Repo maintainers do not catch everything either it was just a mere coincidence someone caught it(again thanks to transparency & many eyes on code) before mass deployment. Installing anything with root access is a risk. Going online is a risk. But there are ways to mitigate risk. Some security you're always gonna have to trade for convenience.