So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR. Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
For example, one of my friends wanted to download an audio tool called Reaper. On Windows this is just looking up the application and clicking on the .exe. It really depends on the dev if they include a .deb, sometimes you might need to download the .sh file or they may tell you to compile it yourself. Perhaps, you have to add a ppa. On Arch, all I have to do is Paru -S Reaper, if there are multiple Reapers I can look for that by typing Paru Reaper.
Now that Arch is so easy to install with the Archscript, and the software repo so vast and easy to use, is Debian really user friendly if you have to jump through several hoops to download programs?
Edit: yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
The correct way is getting it from the official source, not a random user-contributed build.
Users don’t contribute builds. They contribute a specification file for how the build is made, which through the AUR is downloaded and executed. You can see the package source for every AUR package, and most AUR helpers make you look at the specification file by default.
These are download instructions from Librewolf’s official website:
Ubuntu: https://librewolf.net/installation/debian/
Arch: https://librewolf.net/installation/debian/
Ubuntu is noticeably longer as you need to wget a specific link and adding the keys.
Arch is just one command from the aur whether you want to use pacman, yay, or paru
If the two steps of adding a repo and its signing key before you install a deb is too much for you, just wait until you need to compile something from source.
I have installed manually before. I’m not saying that it’s hard, I’m saying that arch is faster to do so since it’s one command. You’re not going to memorize the wget link and process to install keys for every program. Why is this so controversial?
You don’t need to memorize them. They’re literally given to you on the page. Copy, paste.
I don’t even need to visit any page or look stuff up if I just type
paru librewolfparu will search the aur for me directly in the terminal showing the amount of votes, version number, if it’s orphaned or not. If I absolutely know the package name I can type inparu -S librewolf
Arch (arch based x86_64)
Download and installhttps://sourceforge.net/projects/joborun/files/r/librewolf-122.0.1-03-x86_64.pkg.tar.lz/download
or cd /tmp
mkdir libw
cd libw
wget https://git.disroot.org/joborun-pkg/jobextra/raw/commit/3f78c1796cc471eed86f817cdffc7bcaa038d5b1/librewolf/PKGBUILDmakepkg
sudo pacman -U *x86_64.pkg.tar.*
librewolf
or
firejail librewolfparu -S librewolf
yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
Dude, there is no correct or wrong way. Many prefer Flatpaks, because they ship with all they need and work on every distro.
Also, you can just use Distrobox on any distro and use anything you want.
But calling Arch easier than Zorin or similar is just wrong.
You took one narrow use case whose significant downsides you’re unaware of and made an OS ease of use judgement based on that. Therefore while you’re entitled to it, it’s not a useful judgement. ☺️
My narrow use case is just installing packages. There are lots of packages not in the apt repository. All I’m saying is that aur has more stuff. Now, if apt repository has around the same amount as the aur then I could see how debian based distros are functionally as easy to use.
Do you look at the stuff in the aur? Because any of that stuff you install from there could be messed with because it’s a user repository. I specifically left arch because I had to look into all the packages I installed from the aur, and the stuff from the official repos was pretty limited compared to something like Debian. That took a lot of time. Or, you could always just install whatever you find with zero concern about security.
I’ve been running Debian for decades with maybe 2 problems I had to manually resolve with apt. I ran arch and manjaro for maybe a year, and had a handful. I’m certainly not going to say not to run arch, but it’s in no way easier to keep running than Debian. That’s literally Debian’s whole gig.
In all the years I’ve used the AUR I only heard of one pkg violating security, it was recognized pretty fast and was removed within hours from going up. AUR pkgs have history/track/votes on them, with thousands using them it is just as likely an official pkg having rogue code as an aur pkg.
Also, aur pkg are not really software written for the aur, it is software packaged for the arch ecosystem, and several other distros are using them.
Right, and that’s a good reason why you should feel reasonably comfortable installing very popular software from the aur, once it’s been there for a while. That’s not why people like the aur.
People like that you can get even unpopular stuff in the aur, and that’s the stuff you need to be suspicious of. If you’re getting some niche y2k era packet radio software from the aur, you should be checking how it’s packaged and what is actually being packaged. And if you have the knowledge to do that you might as well get the source and install it yourself. I’ll admit that i’m getting old, and I don’t know if that’s something people aren’t willing or able to do these days.
Maybe i’m just cranky about arch, but it just seems really stupid to me to go through manually installing and setting up your system just to either install some random crap from the aur, or have to manually review it all because the official repos are pretty bare.
1 If you take an average AUR pkg and read its content (PKGBUILD) the procedure of building an arch like pkg is not very much unlike the practice of building and installing from source as in the old days. The difference is that when a new revision or need for patch, or rebuild due to fresh libraries/dependencies is necessary through your AUR helper you will be notified.
Yes. It is possible to verify what’s going on. That’s what I did when I used the aur. Do you think most people do that, or even look at see how many users are using the software? Or do you imagine they just install it blindly?
If you ever see a help video or article that suggests installing something from source, or run some script people generally tell the reader that they shouldn’t just run random code without looking at it. I’ve never once seen anything that suggested people should check the pkgbuild. I don’t have a problem with the aur. I just think it’s not nearly as trustworthy as it’s generally made out to be, and I don’t think people generally understand that it might even be a concern, or that you can check the validity of the package yourself.
One out of five pkgs in AUR are so unmaintained they don’t even build anymore.
Clieaning up junk is more urgent than screening what comes on.
@constantokra
2 Do you honestly think one can just make a fake account up, register, and publish an AUR pkg with rogue code that easy? There are checks for code whether it is safe or not, whether it is asking for right elevation, altering the filesystem’s rights, etc.
You are making it sound like registering for X and publishing a tweet.3 The most dangerous software I see on AUR is browser bins by the BIG NAMES not the little script stuff.
People are afraid of people instead of large corps
@constantokraI think people can hide lots of things in code, especially when people don’t generally look at it. And I know people don’t look at it when they talk about how convenient the aur is. It’s at best marginally more convenient than installing from source.
I’m not at all suggesting that people should place more trust in large companies. I’m suggesting that packages in the aur with lots and lots of users should be trusted more, specifically because some of them will be checking out the pkgbuild, and the source, and presumably some of them would notice if the software did something it wasn’t supposed to do. Obviously the larger the software the harder that all is to check, and correspondingly you’d want to see many more users using it before you’d extend it any trust.
My point being, i’ve not seen these discussions taking place. Maybe I’ve just missed them. But I feel like it’s appropriate to bring it up when I see people talking about just how.convenient the aur is. It’s really not that convenient if you’re using it in a way that i’d consider reasonable.
I think that’s a Manjarno problem.
When you download new programs how do you do so? You just install flatpak or what?
New packages on flathub are moderated, though I haven’t encountered any problems from AUR’s moderation model either other than it sometimes being slow but harmful stuff is removed pretty fast
Ordinarily I use apt. Sometimes a flatpak if I trust the source. Otherwise it’s from source or usually something i’m running in docker, where I’ll check what it’s actually doing if i’m at all suspicious.
I don’t want to make too big a deal of the aur. When I was using arch and I needed something from the aur it was easy enough to see that it was a legitimately packaged piece of software. The only big deal is that it’s a real pain in the ass, and I know most people aren’t doing that, and I never see anyone mention it so I doubt people even consider that it could be an issue.
It comes down to what you trust. I trust the stuff I can get from Debian’s repos. I trust some other sources, and everything else I look at. I don’t trust the aur, and I sincerely doubt most people look at the software they’re installing from it to make sure it’s legit.
It’s really none of my business what others are comfortable with. The trustworthiness of where you get your software is a decision you have to make for yourself, and with the way people go on about the aur I get the feeling they don’t bother to decide. I don’t ever hear anyone acknowledge that there’s any sort of difference between the aur and Debian’s repos, but that’s just frankly an utterly absurd idea.
All I’m saying is that aur has more stuff.
Sure, but that does not equate to the premise you made that Arch is easier to use than Debian.
So it’s much easier to install stuff since it has everything you need.
I think they want you to talk about the other aspects of use, such as compatibility with hardware an whether there can be significant productivity roadblocks. (That said, the only said roadblock I’ve met is not being able to project and not being able to run a specific Android app)
Congrats. Now you know why distrobox is so good. The package manager of the host doesn’t matter anymore. Nix package manager also works on any system. And finally, nowadays you use flatpak to install apps whereever possible.
You can’t take the package manager as a reference to judge which OS is better.
Arch is not only about installing but keeping up to date. A normal person does not want to read about selinux. Debian doesn’t use it either but uses something comparable. On arch you have to take care of it. On debian the maintainers take care of it.
I’ve been using Arch almost a decade now (after distro hopping between various Debian based distros), installed it on a bunch of different devices and never once had to read about selinux.
Arch maintainers take care of stuff too. If you don’t want to update much, then update every three months or however long you like 🤷🏻♀️
Which Mandatory access control do you use?
Is it really preinstalled without ever assking you if you even want it?
Nah, I’d rather put together my own PKGBUILD on Arch, so I have an mostly repeatable build for a package that doesn’t exist in repos. Bonus, I can share that if I wish and make others life easier.
Dog. I’m an arch user. You can’t just say “Arch is easier than Debian” and then in the first part of your argument say:
Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
You do realize Arch just frontloads that effort right? It’s not any “easier.” We embrace the fucking manual. (Arch based distros aside…)
Now if you were praising the simplicity of
makepkgand the PKGBUILD syntax then sure. As is, though, this is just a bad take.You should check out Nix (the package manager). NixOS’s Nix package manager can be used outside its own system. It supports the vast majority of Linux operating systems as well as MacOS.
Nix’s package repository is gigantic like you wouldn’t believe, and Reaper is in it.
deleted by creator
What do you mean by contamination? (I’ve never used Nix)
deleted by creator
Is mint slower than Ubuntu? A bit surprised to hear an Ubuntu derivative called slow
deleted by creator
So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR.
The platform for this would be available (https://mpr.makedeb.org).
Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
Not everything is available in the AUR either. It may therefore be necessary to create a own PKGBUILD file. And since anyone can publish something in the AUR, you should check the PKGBUILD file before installing or updating it. Both also require reading guides (https://wiki.archlinux.org/title/Arch_User_Repository, https://wiki.archlinux.org/title/PKGBUILD and so on).
On Arch, all I have to do is Paru -S Reaper,
This would give me the error message that the command was not found. Why do some people assume that everyone uses the same AUR helper as they do? I use aurutils, for example. This AUR helper offers more options but is more cumbersome to use in some cases.
Apart from that, the name of the package is reaper and not Reaper. So even if I would use paru, it would not work.
Now that Arch is so easy to install with the Archscript,
Easier? Yes. But archinstall had and still has some bugs. And archinstall, understandably, does not cover everything so that a manual installation is more flexible.
yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
Appimages or flatpaks are often the correct way to go, as many projects only publish such packages.
Edit: yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
There’s also Homebrew, which is more like the AUR than any APT repository or other package solutions. The formulae are built from source by homebrew, so it’s basically like
yayor, in your case,Paruin that regards.This doesn’t necessarily negate the point of your post, but it’s still a myth that I bought into for a long time, so let’s nip it in the bud: there is no “correct way” to install apps/programs/packages. There may be a correct way for your use case, but everyone has different use cases, even people using the same OS on the same hardware. I prefer system installs like .deb packages because it minimizes disk space and memory usage, whereas someone might prefer sandboxed packages like flatpaks or AppImages because of the security implications; hell, some people might opt for containers like docker or k8s for the compartmentalization.
On to the point of your post: I just want a set and forget OS. I don’t care if it has the most recent updates or bleeding-edge features, I don’t care about squeezing every last drop of benchmark numbers out of my hardware. I just want to boot up my PC and get to doing the things I use a computer for, not maintain my OS and configure and reconfigure and rereconfigure settings.
Linux newbies regularly come on here, in this exact community, and lament about their arch install, levying the above complaint. The regulars’ responses usually boil down to “shouldn’t have gone with arch if you didn’t want to get your hands dirty.” I’m not gonna say it’s the same people, but it is the same userbase who will gleefully squeal “install Arch” when someone comes in asking “hey, I’ve never used Linux before, what distro should I use?”
“Use our distro, but all your problems are because you refuse to tailor your computer habits and schedule around the OS’ needs” is not a community I’d particularly want to be a part of either.
Also, Pacman is an absolute migraine if you go a week without updating. I have sunk hours into fixing dependency issues only to get so frustrated I just uninstalled the app because Pacman would hold up 1300 updates (not hyperbole) over a single dependency issue.
Everyone is downvoting OP, but OP is literally the common case of what users actually want…
Honestly didn’t think I would get this much hate. People talking about how the correct way to install is flatpak most of the time, a comment right after says you shouldn’t use flatpak for low level, and other comments saying to install it the long manual way (which, admittedly, is the most secure way), nobody has admitted that it’s easier to install from aur rather than on debian.
If it’s a popular and maintained package on aur then most of the time it should be fine. Very rarely do I have to go to the official documentation to make the packages manually unless it’s a smaller project.
Because there’s still unfortunately a heap of Arch FUD and myths floating around.
FWIW, I agree with you. I ended up using Arch for the past almost decade now in part because of the repos and pacman.
I distro hopped a lot when I first moved to Linux (from Windows) before settling on Mint. Faffing about with adding repos didn’t feel like an improvement over the Windows experience of having to go to various websites to download files.
I was still pretty much a Linux noob when I moved to Arch. I’m glad I didn’t listen to all the FUD then about it being hard and terrible. It’s been so much easier to use and maintain than other distros I’ve used (or installed for other folks).
PS: Just a meme to joke, if you want to analyze, please don’t point at me.
Won’t you have problems on any distro if you use Nvidia? Arch would be the best place to see if it works. Nonetheless, good meme and very relatable
Now that Arch is so easy to install with the Archscript
Trash. Not true arch user.
Switch to BSD instead, it is easy to use while being better in quality.
You gotta add the fact, that ArchLinux sometimes requires you to fiddle a lot when a update failed and broke a lot of stuff, there’s also the installation process, Debian is much more stable (and while archlinux is too), debian is generally a better option for beginners to its approach, And also Reaper is practically Avaliable on a crapton of distros, the fact that it provides binaries officially, and also that its avaliable on FlatHub.
The installation process has been pretty simple since archinstall and endeavourOS. The “sometimes” happens rarely, and the forums and mailing lists are pretty helpful.
The only times when an update broke a lot of stuff for me is 1. The infamous grub update which never happened again 2. Thunderbird dropped GTK support, not an Arch problem 3. I didn’t update for quite a while and had to do package replacements, which were automated by the package manager but was scary 4. Budgie and GNOME conflicted with each other. Weren’t very significant
Reaper is as easy to install on Linux (any distro) as it is on Windows or OSX. Any packaged versions of it, other than the tar file that you can download from Reaper.fm, are maintained by a third party and have nothing to do with the distribution.
PS: IMHO, you want tools like Reaper and Bitwig to install directly unto your system rather than Snap, Flatpak, etc., due to the low level audio hardware interaction.
I’m not touching flatpaks or snaps with a ten foot pole, and I have the same experience as you. Switched to EndeavourOS a few years back after having been a Debian (and Synaptic) advocate for almost 10 years.
The AUR is great, and the Arch wiki is a flipping treasure trove. I can hardly imagine going back, certainly not on my work station. Servers will probably be fine running Debian for another few years.
What is it about flatpaks that bothers you? I am curious. My experience with them is good, except that are sometimes slower to launch.
For certain low level applications, flathab may not work but for most cases, flathub is fine.
The second scenario is for something not even in flathub but is available in the aur which is signal desktop beta. The other day I installed this by typing
paru signaland scrolled up and found signal desktop beta right there and pressed the appropriate number to install. This is much more efficient to install. If I were on my friend’s linux mint computer I would have to find the github and follow instructions to manually add the package.I am comfortable doing both methods but my point is that users generally want the lowest resistance to new technology. Linux is supposed to be efficient and easy to use not having to look up guides when the Windows way is downloading and running a simple .exe.
Yeah, slow app launch for one thing. Lack of DE integration for another. Flatpak apps are so completely foreign elements in the distros I’ve used that I have no inclination to use them.
And the few times I’ve had to use on, it’s so bloated with redundant dependencies. I understand that flatpak apps will share dependencies within their ecosystem(?) but since they’re the exception to the rule on my system it never becomes a benefit.
Besides, as is OP’s point — I have the entirety of the AUR at my fingertips. Why would I bother with anything else?
