So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR. Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
For example, one of my friends wanted to download an audio tool called Reaper. On Windows this is just looking up the application and clicking on the .exe. It really depends on the dev if they include a .deb, sometimes you might need to download the .sh file or they may tell you to compile it yourself. Perhaps, you have to add a ppa. On Arch, all I have to do is Paru -S Reaper, if there are multiple Reapers I can look for that by typing Paru Reaper.
Now that Arch is so easy to install with the Archscript, and the software repo so vast and easy to use, is Debian really user friendly if you have to jump through several hoops to download programs?
Edit: yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
Dude, there is no correct or wrong way. Many prefer Flatpaks, because they ship with all they need and work on every distro.
Also, you can just use Distrobox on any distro and use anything you want.
But calling Arch easier than Zorin or similar is just wrong.
You took one narrow use case whose significant downsides you’re unaware of and made an OS ease of use judgement based on that. Therefore while you’re entitled to it, it’s not a useful judgement. ☺️
My narrow use case is just installing packages. There are lots of packages not in the apt repository. All I’m saying is that aur has more stuff. Now, if apt repository has around the same amount as the aur then I could see how debian based distros are functionally as easy to use.
Do you look at the stuff in the aur? Because any of that stuff you install from there could be messed with because it’s a user repository. I specifically left arch because I had to look into all the packages I installed from the aur, and the stuff from the official repos was pretty limited compared to something like Debian. That took a lot of time. Or, you could always just install whatever you find with zero concern about security.
I’ve been running Debian for decades with maybe 2 problems I had to manually resolve with apt. I ran arch and manjaro for maybe a year, and had a handful. I’m certainly not going to say not to run arch, but it’s in no way easier to keep running than Debian. That’s literally Debian’s whole gig.
In all the years I’ve used the AUR I only heard of one pkg violating security, it was recognized pretty fast and was removed within hours from going up. AUR pkgs have history/track/votes on them, with thousands using them it is just as likely an official pkg having rogue code as an aur pkg.
Also, aur pkg are not really software written for the aur, it is software packaged for the arch ecosystem, and several other distros are using them.
Right, and that’s a good reason why you should feel reasonably comfortable installing very popular software from the aur, once it’s been there for a while. That’s not why people like the aur.
People like that you can get even unpopular stuff in the aur, and that’s the stuff you need to be suspicious of. If you’re getting some niche y2k era packet radio software from the aur, you should be checking how it’s packaged and what is actually being packaged. And if you have the knowledge to do that you might as well get the source and install it yourself. I’ll admit that i’m getting old, and I don’t know if that’s something people aren’t willing or able to do these days.
Maybe i’m just cranky about arch, but it just seems really stupid to me to go through manually installing and setting up your system just to either install some random crap from the aur, or have to manually review it all because the official repos are pretty bare.
1 If you take an average AUR pkg and read its content (PKGBUILD) the procedure of building an arch like pkg is not very much unlike the practice of building and installing from source as in the old days. The difference is that when a new revision or need for patch, or rebuild due to fresh libraries/dependencies is necessary through your AUR helper you will be notified.
Yes. It is possible to verify what’s going on. That’s what I did when I used the aur. Do you think most people do that, or even look at see how many users are using the software? Or do you imagine they just install it blindly?
If you ever see a help video or article that suggests installing something from source, or run some script people generally tell the reader that they shouldn’t just run random code without looking at it. I’ve never once seen anything that suggested people should check the pkgbuild. I don’t have a problem with the aur. I just think it’s not nearly as trustworthy as it’s generally made out to be, and I don’t think people generally understand that it might even be a concern, or that you can check the validity of the package yourself.
One out of five pkgs in AUR are so unmaintained they don’t even build anymore.
Clieaning up junk is more urgent than screening what comes on.
@constantokra
2 Do you honestly think one can just make a fake account up, register, and publish an AUR pkg with rogue code that easy? There are checks for code whether it is safe or not, whether it is asking for right elevation, altering the filesystem’s rights, etc.
You are making it sound like registering for X and publishing a tweet.3 The most dangerous software I see on AUR is browser bins by the BIG NAMES not the little script stuff.
People are afraid of people instead of large corps
@constantokraI think people can hide lots of things in code, especially when people don’t generally look at it. And I know people don’t look at it when they talk about how convenient the aur is. It’s at best marginally more convenient than installing from source.
I’m not at all suggesting that people should place more trust in large companies. I’m suggesting that packages in the aur with lots and lots of users should be trusted more, specifically because some of them will be checking out the pkgbuild, and the source, and presumably some of them would notice if the software did something it wasn’t supposed to do. Obviously the larger the software the harder that all is to check, and correspondingly you’d want to see many more users using it before you’d extend it any trust.
My point being, i’ve not seen these discussions taking place. Maybe I’ve just missed them. But I feel like it’s appropriate to bring it up when I see people talking about just how.convenient the aur is. It’s really not that convenient if you’re using it in a way that i’d consider reasonable.
When you download new programs how do you do so? You just install flatpak or what?
New packages on flathub are moderated, though I haven’t encountered any problems from AUR’s moderation model either other than it sometimes being slow but harmful stuff is removed pretty fast
Ordinarily I use apt. Sometimes a flatpak if I trust the source. Otherwise it’s from source or usually something i’m running in docker, where I’ll check what it’s actually doing if i’m at all suspicious.
I don’t want to make too big a deal of the aur. When I was using arch and I needed something from the aur it was easy enough to see that it was a legitimately packaged piece of software. The only big deal is that it’s a real pain in the ass, and I know most people aren’t doing that, and I never see anyone mention it so I doubt people even consider that it could be an issue.
It comes down to what you trust. I trust the stuff I can get from Debian’s repos. I trust some other sources, and everything else I look at. I don’t trust the aur, and I sincerely doubt most people look at the software they’re installing from it to make sure it’s legit.
It’s really none of my business what others are comfortable with. The trustworthiness of where you get your software is a decision you have to make for yourself, and with the way people go on about the aur I get the feeling they don’t bother to decide. I don’t ever hear anyone acknowledge that there’s any sort of difference between the aur and Debian’s repos, but that’s just frankly an utterly absurd idea.
I think that’s a Manjarno problem.
All I’m saying is that aur has more stuff.
Sure, but that does not equate to the premise you made that Arch is easier to use than Debian.
So it’s much easier to install stuff since it has everything you need.
I think they want you to talk about the other aspects of use, such as compatibility with hardware an whether there can be significant productivity roadblocks. (That said, the only said roadblock I’ve met is not being able to project and not being able to run a specific Android app)
Congrats. Now you know why distrobox is so good. The package manager of the host doesn’t matter anymore. Nix package manager also works on any system. And finally, nowadays you use flatpak to install apps whereever possible.
You can’t take the package manager as a reference to judge which OS is better.
Arch is not only about installing but keeping up to date. A normal person does not want to read about selinux. Debian doesn’t use it either but uses something comparable. On arch you have to take care of it. On debian the maintainers take care of it.
I’ve been using Arch almost a decade now (after distro hopping between various Debian based distros), installed it on a bunch of different devices and never once had to read about selinux.
Arch maintainers take care of stuff too. If you don’t want to update much, then update every three months or however long you like 🤷🏻♀️
Which Mandatory access control do you use?
Is it really preinstalled without ever assking you if you even want it?
Nah, I’d rather put together my own PKGBUILD on Arch, so I have an mostly repeatable build for a package that doesn’t exist in repos. Bonus, I can share that if I wish and make others life easier.
So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR.
The platform for this would be available (https://mpr.makedeb.org).
Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
Not everything is available in the AUR either. It may therefore be necessary to create a own PKGBUILD file. And since anyone can publish something in the AUR, you should check the PKGBUILD file before installing or updating it. Both also require reading guides (https://wiki.archlinux.org/title/Arch_User_Repository, https://wiki.archlinux.org/title/PKGBUILD and so on).
On Arch, all I have to do is Paru -S Reaper,
This would give me the error message that the command was not found. Why do some people assume that everyone uses the same AUR helper as they do? I use aurutils, for example. This AUR helper offers more options but is more cumbersome to use in some cases.
Apart from that, the name of the package is reaper and not Reaper. So even if I would use paru, it would not work.
Now that Arch is so easy to install with the Archscript,
Easier? Yes. But archinstall had and still has some bugs. And archinstall, understandably, does not cover everything so that a manual installation is more flexible.
yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
Appimages or flatpaks are often the correct way to go, as many projects only publish such packages.
At least for me, AUR is last resort. I mainly use Flatpak, then offical repos, then finally AUR
So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR.
There is https://pacstall.dev/ the AUR for Ubuntu. It has a Lemmy community https://lemmy.ml/c/pacstall And there is PPA for Ubuntu. With the Arch AUR anyone can just upload something, and it is up to you to check whether it is uploaded malware or not. Sure, you can check how many others upvoted an AUR package but that is still no guarantee it is safe.
So then you’re saying the debian community sees value in something like the aur. Unlike all the other comments saying you should just use flatpak
Pacstall is for Ubuntu. I am not sure it can work well for Debian. Yes, sure, it is possible that some Ubuntu users see value in having AUR alike repositories to install from. Actually PPA for Ubuntu (PPA does not work well on Debian I’ve read) is kind of like AUR. The Personal Package Archives are uploaded by someone and provide newer versions of software, or provides software which is not in the main Ubuntu repositories. A good example of that is the PHP packages from Sury : https://deb.sury.org/
Everyone is downvoting OP, but OP is literally the common case of what users actually want…
Honestly didn’t think I would get this much hate. People talking about how the correct way to install is flatpak most of the time, a comment right after says you shouldn’t use flatpak for low level, and other comments saying to install it the long manual way (which, admittedly, is the most secure way), nobody has admitted that it’s easier to install from aur rather than on debian.
If it’s a popular and maintained package on aur then most of the time it should be fine. Very rarely do I have to go to the official documentation to make the packages manually unless it’s a smaller project.
Because there’s still unfortunately a heap of Arch FUD and myths floating around.
FWIW, I agree with you. I ended up using Arch for the past almost decade now in part because of the repos and pacman.
I distro hopped a lot when I first moved to Linux (from Windows) before settling on Mint. Faffing about with adding repos didn’t feel like an improvement over the Windows experience of having to go to various websites to download files.
I was still pretty much a Linux noob when I moved to Arch. I’m glad I didn’t listen to all the FUD then about it being hard and terrible. It’s been so much easier to use and maintain than other distros I’ve used (or installed for other folks).
Arch requires significantly more tinkering to keep it working, compared to Debian. That’s not because of FUD. Arch has a more hands-on philosophy. It even says so on their wiki.
I have seen savvy users jump directly from Windows to Arch without trying easier distros like Mint. But if given a choice, I wouldn’t introduce anyone to Arch as their first distro. Most people are simply not that patient and are likely to give it up as being too hard. They are likely to give in to the actual FUD that Linux is not user-friendly.
It’s not unusual for people who have tasted the freedom that Arch gives you, to think that it’s the easiest distro around. But the Arch way of doing things is alien to most people around. It’s very important to set the expectations straight and not get carried away.
I’ve been using Arch as my daily driver for almost a decade. I think I might know how much tinkering it requires lol. You can look at Arch News and you’ll see there’s bugger all interventions required. I don’t bother to tinker with anything and haven’t in about three years because I’m happy with what I have. I don’t need to tinker if I don’t want to. 🤷🏻♀️
In that almost decade, I could count on one hand the number of times my system has broken and most of those was basic user error.
And I never said it was the easiest distro. You gotta stop making strawman arguments.
If you want to flex your experience, I have twice as much as you do, just with Arch. You are just speaking your perspective and extrapolating it to others. Neither the official Arch sources, nor the regular users’ experience match what you say. The argument you made is in complete disregard of the ability, patience or intent of the vast majority of users.
It’s a common trope that I see that newbie Linux users complaining about how Arch users talk down to them. I can see where that comes from.
EDIT: I am tired, in pain and was feeling grumpy when I wrote this this morning. I’m being a hypocrite and not coming to your level with compassion, kindness and patience like I should. So I’m going to bow out of this conversation and say agree to disagree. I’ll keep helping folks move to Linux like I have been for years and put my energy where I want it to go.
Original reply
You think I’m flexing? Interesting. And you want to tell me I’m extrapolating (projecting)?
Guessed I should have ‘flexed’ more and also explained that my experience is not just with my own PC but multiple PC’s, laptops and… not all mine. Yep, I’m ‘flexing’ about all the people I’ve helped install Linux (all Arch based oh no) with my years of flexing volunteer experience.
With all my years of years of volunteer work and helping countless people (including in a very vulnerable area of society) I only ever talk down to people yep. I totally don’t encourage everyone to come to people at their level with compassion, kindness and patience.
I’m just all bout the flex. 😂🤦🏻♀️
Maybe don’t make assumptions about someone’s motivations, experience and qualifications when you don’t actually know them?
I am tired, in pain and was feeling grumpy when I wrote this this morning.
Disagreement over a distro is nothing worth suffering for. Wish you a speedy recovery and better times ahead.
Edit: yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
There’s also Homebrew, which is more like the AUR than any APT repository or other package solutions. The formulae are built from source by homebrew, so it’s basically like
yayor, in your case,Paruin that regards.This doesn’t necessarily negate the point of your post, but it’s still a myth that I bought into for a long time, so let’s nip it in the bud: there is no “correct way” to install apps/programs/packages. There may be a correct way for your use case, but everyone has different use cases, even people using the same OS on the same hardware. I prefer system installs like .deb packages because it minimizes disk space and memory usage, whereas someone might prefer sandboxed packages like flatpaks or AppImages because of the security implications; hell, some people might opt for containers like docker or k8s for the compartmentalization.
On to the point of your post: I just want a set and forget OS. I don’t care if it has the most recent updates or bleeding-edge features, I don’t care about squeezing every last drop of benchmark numbers out of my hardware. I just want to boot up my PC and get to doing the things I use a computer for, not maintain my OS and configure and reconfigure and rereconfigure settings.
Linux newbies regularly come on here, in this exact community, and lament about their arch install, levying the above complaint. The regulars’ responses usually boil down to “shouldn’t have gone with arch if you didn’t want to get your hands dirty.” I’m not gonna say it’s the same people, but it is the same userbase who will gleefully squeal “install Arch” when someone comes in asking “hey, I’ve never used Linux before, what distro should I use?”
“Use our distro, but all your problems are because you refuse to tailor your computer habits and schedule around the OS’ needs” is not a community I’d particularly want to be a part of either.
Also, Pacman is an absolute migraine if you go a week without updating. I have sunk hours into fixing dependency issues only to get so frustrated I just uninstalled the app because Pacman would hold up 1300 updates (not hyperbole) over a single dependency issue.
Reaper is as easy to install on Linux (any distro) as it is on Windows or OSX. Any packaged versions of it, other than the tar file that you can download from Reaper.fm, are maintained by a third party and have nothing to do with the distribution.
PS: IMHO, you want tools like Reaper and Bitwig to install directly unto your system rather than Snap, Flatpak, etc., due to the low level audio hardware interaction.
https://wiki.debian.org/DontBreakDebian
You really should never download a Debian package or install via a script. The proper way is to use a container or flatpak.
Flatpaks are isolated while I want to use my input method. Plus, they have larger sizes which can pile up over time
What input method? Flatpaks have controllable permissions that can be changed by the user.
As for large sizes, that hasn’t been the case for a while. The stuff that takes up the most space are libraries and they installed once. Usually a program will need either the KDE framework (for qt) or the gnome framework (gtk).
PS: Just a meme to joke, if you want to analyze, please don’t point at me.
Won’t you have problems on any distro if you use Nvidia? Arch would be the best place to see if it works. Nonetheless, good meme and very relatable
I’m not touching flatpaks or snaps with a ten foot pole, and I have the same experience as you. Switched to EndeavourOS a few years back after having been a Debian (and Synaptic) advocate for almost 10 years.
The AUR is great, and the Arch wiki is a flipping treasure trove. I can hardly imagine going back, certainly not on my work station. Servers will probably be fine running Debian for another few years.
What is it about flatpaks that bothers you? I am curious. My experience with them is good, except that are sometimes slower to launch.
Yeah, slow app launch for one thing. Lack of DE integration for another. Flatpak apps are so completely foreign elements in the distros I’ve used that I have no inclination to use them.
And the few times I’ve had to use on, it’s so bloated with redundant dependencies. I understand that flatpak apps will share dependencies within their ecosystem(?) but since they’re the exception to the rule on my system it never becomes a benefit.
Besides, as is OP’s point — I have the entirety of the AUR at my fingertips. Why would I bother with anything else?
For certain low level applications, flathab may not work but for most cases, flathub is fine.
The second scenario is for something not even in flathub but is available in the aur which is signal desktop beta. The other day I installed this by typing
paru signaland scrolled up and found signal desktop beta right there and pressed the appropriate number to install. This is much more efficient to install. If I were on my friend’s linux mint computer I would have to find the github and follow instructions to manually add the package.I am comfortable doing both methods but my point is that users generally want the lowest resistance to new technology. Linux is supposed to be efficient and easy to use not having to look up guides when the Windows way is downloading and running a simple .exe.
Now that Arch is so easy to install with the Archscript
Trash. Not true arch user.
Switch to BSD instead, it is easy to use while being better in quality.
Installed arch the manual way but have also tried to script to see if it was really as easy as people make it out to be. I would still recommend everybody giving the manual install at least once but for people who want it very easy to use, the script is there and hopefully nothing goes wrong with their system.
Write your own script, arch users :)
