I need delta updates.

The AUR is incredibly convenient, but that convenience comes with additional risk. Recently attackers compromised orphaned AUR packages with a malicious npm dependency.
AUR has the most inertia at this time, it would be worth fixing
The AUR was never secure to begin with, as they have always cautioned a warning it being a "User Repository" and to be used with caution.
AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.
Having read the aur-general mailinglist in the past 2 months it seems they are working on improving the security overal. We will see how that looks like when they open up registrations again.
 


Just as an 'aside' - and bearing in mind I'm not really familiar with either of 'em - would I be right in thinking the AUR is anything like Slackware's 'slackbuilds' system?

I believe I'm correct in stating that those are 'user-generated / created' as well, no?


Mike.
hmm.gif
 
Just as an 'aside' - and bearing in mind I'm not really familiar with either of 'em - would I be right in thinking the AUR is anything like Slackware's 'slackbuilds' system?

I believe I'm correct in stating that those are 'user-generated / created' as well, no?


Mike.
hmm.gif
yea, you are correct.
i used slackware maybe 10 years ago.
 
The AUR was never secure to begin with, as they have always cautioned a warning it being a "User Repository" and to be used with caution.

Having read the aur-general mailinglist in the past 2 months it seems they are working on improving the security overal. We will see how that looks like when they open up registrations again.
Containers are overkill. Happy-go-lucky is starting to show it's limits.

Linux needs something in between. Hopefully it will work out.
 
Containers are overkill. Happy-go-lucky is starting to show it's limits.
It's not about being overkill or not, but about having it as an option and a lot of developers release their application as a Flatpak so it will also have verified status on Flathub.
 
If you use flatpak, snap, appimage, et al, then updates have to download the whole enchilada, because that's how they are packaged. One small library update requires changing the whole thing. It's not Arch, AFAIK, but the use of containers, that requires downloading so much data. I use none of them, and while I run Debian Sid, with updates every day, they seldom run more than a few megabytes for a big update. I just got a complete upgrade of KDE Plasma to 6.7, and it was only a few megabytes. I just refuse to use any of the trendy containerized software, partly because of the size and partly because I don't trust the integrity of the packages. If it's not in the Debian repos, I probably don't need it. I do use a few packages from outside, but I'm rather selective on what and when.
 
If it's not in the Debian repos, I probably don't need it. I do use a few packages from outside, but I'm rather selective on what and when.
That's not a workable solution for everyone, as neither Arch, Fedora or Debian has everything in the default repos that I need so everyone has to find what's workable for themselves. Fedora might come close if I used a trusted repo like Rpmfusion or Tera and there's an application that I use that is only released as an appimage.
 
I know it's not workable for everyone, but it's what works for me. Using appimages, snaps, flatpaks, etc is the only option for some people using some software, but they have to understand that using them imposes certain limitations. The lack of delta updates is one.
 
but they have to understand that using them imposes certain limitations. The lack of delta updates is one.
I can't disagree with that, I forgot that was the topic of this post so I was only responding to your most recently reply :)
 


Follow Linux.org

Members online

No members online now.

Top