24 minutes ago
In case anyone missed it, the latest version of yay (v13+) supports being able to skip recently added packages through its new Lua extension system https://jguer.github.io/yay/lua.html#upgrade-selection-hooks. You can control the threshold since it's just user configuration now.
A bunch of common yay commands also return back the last updated time of a package thanks to https://github.com/Jguer/yay/pull/2846.
an hour ago
I'll note that OpenSuse also has Packman which a shitton of people enable (for codecs), has also 'one namespace only' an looser policies than the main distro.
I do not think this something you can escape by switching distro.
an hour ago
Yes, the only reason this isn't happening in other distros is simply popularity.
Namespacing is the solution, and as mentioned in the article some ditros do indeed have namespaced user repos, like Fedora's Copr. The trust model of a flat namespace user repo is completely broken when the maintaining user can change at any moment.
an hour ago
Who still uses Arch btw after this?
an hour ago
The AUR has consistently had warnings around it of 'verify the PKGBUILD', far more so than any other package repository that allows anyone to sign up. Probably the only notable difference is the ease of taking over an orphaned package.
an hour ago
If you want something from the AUR, just don't be lazy, read the pkgbuild.
an hour ago
I do, I'm just choosy about aur packages I use
an hour ago
I still do, I just don't touch AURs anymore.
an hour ago
Is there another distro that has an equivalent of the AUR with handling you think is preferable?
an hour ago
AUR is fast and loose and doesn't do much "handling" by design, so it's hard to find any equivalent repo. But there's always a tradeoff between fresh (nixpkgs unstable, might be the closest) and tested (Debian).
an hour ago
AUR isn't just the testing repo of Arch; it's explicitly just an open spot where anybody can put up "here's a PKGBUILD for folks". I don't see how it's like either the Nix or Debian examples.
an hour ago
Well, Nix has NUR which is a direct equivalent but it's not nearly as broadly used and I assume "here's a PKGBUILD for folks" is already too permissive for you if you're asking.
There's no maintainer vetting process in nixpkgs as far as I know, anyone can own a bunch of packages. There are quality standards and it's not "here's a bunch of nix code for folks" but it's the next possible thing in the line after that.
39 minutes ago
It seems like you may have mistakenly inferred that I have issues with the AUR?
I don't; I use Arch on 100% of my personal servers, have done so for something approaching 20 years, and don't see myself changing.
But I treat the AUR for what it is: a place where anybody can say "here's a PKGBUILD for folks" and it's on me to evaluate it on its merits.
I was legitimately asking the person upthread what other distro they felt had a better model for this kind of sharing, because they seemed to think this was a reason for Arch users to jump ship and I was curious what they thought would be the elements of a better system.
an hour ago
Gentoo
But let's hope we get this solved, like peer review model, vouch, or something
It is very good to be able to find build/install files for everything
an hour ago
Gentoo's model appears to be basically the same? Like the AUR, anybody can submit basically anything they want. The requirements amount to containing valid packages, having a bugzilla account, and putting your package definitions in VCS somewhere.