That's pretty sound.
ZombieCyborgFromOuterSpace
Who here has NEVER used the AUR with their Arch install raise your hand. I'll wait.
Absolutely 100%.
Not to mention it's in most of the solutions to every problem Arch users face.
There have been approximately 1000 infected packages in the AUR on Arch. And that's just in the latest incident, because that's not even the only incident.
Now tell me how many times this happened with PPAs? Or COPR or OBS?
Also, I'm very aware of the xz-utils exploit that happened last year. And do you know what distros were affected? Beta and testing versions of Fedora and Debian, which are not the most widely used versions of these distros. They are not meant for the public, but for developers and testers. However, the latest stable Arch was affected. Here's the source.
There's no comparison between this AUR even and the xz-utils backdoor problem that was resolved nearly immediately and hasn't happened again. Meanwhile the AUR keeps getting infected and, like I mentioned, there's been several occurrences of this.
Ubuntu relies on the community to be notified of problematic PPAs, and these are resolved swiftly. I cannot recall the last time there was an incident with a PPA because they are so rare. So, again, there is no comparison to make.
And who reads the PKGBUILD scripts??? Most users don't bother. And that's the problem.
I've been using Linux for 26 years and have even worked for a distro myself. Arch is a great Linux distro if you want to build a lean distro with bleeding edge shit. But, it's vulnerable to vulnerabilities due to it being too bleeding edge with little oversight and malware through the AUR. If you want to use this, then by all means, go ahead.
But my gripe is with this, and other communities, where people are pitching Arch or Arch-based distros to nearly everybody as the de-facto go-to, especially if you're into gaming. And I have a problem with that. I also have a problem with its users that will blindingly defend this distro and outright refuse to see the problems, like it's some kind of cult.
Well then stop recommending Arch or CachyOS to every new user that comes in here looking for a gaming Linux distro ffs.
That is some gatekeeping bullshit right there.
LOL!
All these Arch fanboys just can't accept ANY criticism of their favourite Linux flavour. "IT'S THE BEST OKAY? EVERYBODY SAYS SO! IT'S THE BEST BECAUSE IT'S HARD TO USE AND ALL THE SOFTWARE IS BLEEDING EDGE AND MY SYSTEM BREAKS HALF THE TIME I DO AN UPDATE BUT THAT'S NORMAL LINUX SHIT OKAY? AND I USE THE AUR BECAUSE I KNOW WHAT I'M DOING EVEN THOUGH MY SYSTEM IS INFECTED OKAY?"
You completely missed the point.
Debian or Fedora don't need an AUR because vendors provide the packages themselves. And you know where they're coming from. You have the largest collection of software packages available, plus the 3rd party official packages available to download.
As for the PPAs, they're often provided by the software distributor themselves. Like Proton, or Wine. Most of the time you know who's providing the PPA. Ubuntu also keeps a close watch over these and will act if a malicious PPA is found. It won't take a lot of time before the PPA is taken down to prevent the spread. So it's relatively safer than a free-for-all repo where everybody is contributing and unmaintained packages get taken over. So, no. PPAs are not more dangerous than the AUR.
You kind of have to have guardrails though. Especially with the recent migration from Windows 11 to Linux, a lot of gamers, mostly younger and/or inexperienced users, are being recommended Arch via CachyOS. And a lot of the advice they get involves enabling the AUR and getting their required software from there. Some of the troubleshooting documentation also provides instructions using the AUR. It may not come with Arch, but it sounds to me like it's pretty indispensable.
On the other hand, you have people saying that Arch isn't for new users. That you have to be careful when using AUR and how dangerous it is. You have to know what you're doing.
So then why is it recommended so much? I feel like in every other comment, when people ask which Linux flavour to use, the answer is always "just use Arch/just use X variant of Arch". And when I talk about using another distro like Debian, people on Linux communities get really critical and say "this distro sucks, why don't you just use Arch/Cachy/X variant?"
So which is it? Is it for everyone or not? Is it safe to use or not? Should anybody be using it or not?
The comments are really conflicting with each other here.
And honestly, if we're going to recommend Arch/Cachy/whatever to new Linux adopters, there ought to be guardrails. Or don't recommend Arch. And DON'T recommend using the AUR. Try other workarounds instead of taking the easy AUR solution. You don't simply give a loaded gun to someone who wants to do target practice without any precautions or anything to prevent them from hurting themselves or others. Maybe recommend an airsoft gun with some eye-protection goggles instead for target practice initially, and let them learn the basics of firearm handling using that before moving on to the real deal.
Yes. I agree. It's also much more stable so you don't spend time troubleshooting. And there's tons of support and even 3rd party packages available for peripherals and hardware.
That's what I personally recommend.