AUR safe + Debian vs Arch?

E

elisey4742016-10-03 23:00:54

linux

elisey474, 2016-10-03 23:00:54

I need linux - a constructor from which I could do everything as I want and I will use it on a laptop.
In general, I found two Debian and Arch here!
It seems that I already wanted to install Arch, but then I remembered that in addition to the system itself, I also need openshot (video editor) and arduinoide. Since I'm not used to compiling from source, I prefer the package manager to do everything by itself. Debian is pleased that both packages are in the official repository. While on arch you have to put everything from aur with yaourt. The question arises, is aur generally safe? In the same place, any contributor can correct the source codes of the same arduino ide and introduce malware there. Yes, on the same aur.archlinux.com it is written in bold "everything at your own peril and risk." And in general they say that debian is a stable system (albeit to the detriment of reducing packages). So maybe just forget about arch and install debian?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

M

Maxim Moseychuk, 2016-10-03
@fshp

Well, in Arch you can download the PKGBUILD yourself and check where the sources come from.

X

xotkot, 2016-10-04
@xotkot

you suck problems out of your finger
this arduino package that is in the AUR is quite popular, which firstly greatly reduces the risk that there will be problems with it both in terms of security and stability, and secondly makes it possible in the foreseeable future to be transferred to off. turnips.
And if you are so worried about security, then everything is transparent with this in the AUR, you can view its PKGBUILD during the installation of the package or even do it online from the page of the AUR itself. This is almost a regular bash script without any magic, having basic knowledge of bash you can easily figure it out.
If you find it difficult then you should install Debian.

S

StrangeAttractor, 2016-10-03
@StrangeAttractor

Риторический вопрос.
В теории да, AUR менее безопасен и стабилен, чем Debian. На практике ни разу не слышал ни о каких проблемах, связанных с использованием AUR (сам пользовался пару лет, некоторые друзья используют в т.ч. в production на очень высоконагруженных системах), при этом там практически всегда самые актуальные версии софта. А вот в Debian experimental реально встречал пакеты, которые не работали и всё ломали (а в стабильных репах как правило версии протухшие, по-этому многое всё-равно приходится ставить вручную). В общем каждому своё.

C

CityCat4, 2016-10-04
@CityCat4

"Tell me, is that warm one over there greener than that soft one over there?"
You decide right away - you "could do everything as I want" or "I prefer the package manager to do everything himself." Because these things are not exactly opposite, but certainly lying at right angles :)
Any packaged distribution installs packages as the package builder sees fit. Well, if his vision is standard, but if not? You can fix it by hand, but you need to rebuild the package - why then is it at all? Batch distributions are installed when they want it to "just work", without going into details, they may not even open the console.
"Everything I want" can be done only in LFS :) and partly in source-based distributions. Because even in them fullthere is no control - you can play around - and break the system. For example, in Calculate Linux, I have not yet managed to get a true 64-bit system and get rid of introspection. Although, of course, control over what, where, how much and why in source-based distributions is an order of magnitude higher - but it also requires appropriate knowledge.