So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR. Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
For example, one of my friends wanted to download an audio tool called Reaper. On Windows this is just looking up the application and clicking on the .exe. It really depends on the dev if they include a .deb, sometimes you might need to download the .sh file or they may tell you to compile it yourself. Perhaps, you have to add a ppa. On Arch, all I have to do is Paru -S Reaper, if there are multiple Reapers I can look for that by typing Paru Reaper.
Now that Arch is so easy to install with the Archscript, and the software repo so vast and easy to use, is Debian really user friendly if you have to jump through several hoops to download programs?
Edit: yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
The correct way is getting it from the official source, not a random user-contributed build.
Users don’t contribute builds. They contribute a specification file for how the build is made, which through the AUR is downloaded and executed. You can see the package source for every AUR package, and most AUR helpers make you look at the specification file by default.
These are download instructions from Librewolf’s official website:
Ubuntu: https://librewolf.net/installation/debian/
Arch: https://librewolf.net/installation/debian/
Ubuntu is noticeably longer as you need to wget a specific link and adding the keys.
Arch is just one command from the aur whether you want to use pacman, yay, or paru
If the two steps of adding a repo and its signing key before you install a deb is too much for you, just wait until you need to compile something from source.
I have installed manually before. I’m not saying that it’s hard, I’m saying that arch is faster to do so since it’s one command. You’re not going to memorize the wget link and process to install keys for every program. Why is this so controversial?
You don’t need to memorize them. They’re literally given to you on the page. Copy, paste.
I don’t even need to visit any page or look stuff up if I just type
paru librewolf
paru will search the aur for me directly in the terminal showing the amount of votes, version number, if it’s orphaned or not. If I absolutely know the package name I can type inparu -S librewolf
Arch (arch based x86_64)
Download and installhttps://sourceforge.net/projects/joborun/files/r/librewolf-122.0.1-03-x86_64.pkg.tar.lz/download
or cd /tmp
mkdir libw
cd libw
wget https://git.disroot.org/joborun-pkg/jobextra/raw/commit/3f78c1796cc471eed86f817cdffc7bcaa038d5b1/librewolf/PKGBUILDmakepkg
sudo pacman -U *x86_64.pkg.tar.*
librewolf
or
firejail librewolfparu -S librewolf
yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
Dude, there is no correct or wrong way. Many prefer Flatpaks, because they ship with all they need and work on every distro.
Also, you can just use Distrobox on any distro and use anything you want.
But calling Arch easier than Zorin or similar is just wrong.
Congrats. Now you know why distrobox is so good. The package manager of the host doesn’t matter anymore. Nix package manager also works on any system. And finally, nowadays you use flatpak to install apps whereever possible.
You can’t take the package manager as a reference to judge which OS is better.
Arch is not only about installing but keeping up to date. A normal person does not want to read about selinux. Debian doesn’t use it either but uses something comparable. On arch you have to take care of it. On debian the maintainers take care of it.
I’ve been using Arch almost a decade now (after distro hopping between various Debian based distros), installed it on a bunch of different devices and never once had to read about selinux.
Arch maintainers take care of stuff too. If you don’t want to update much, then update every three months or however long you like 🤷🏻♀️
Which Mandatory access control do you use?
Is it really preinstalled without ever assking you if you even want it?
Nah, I’d rather put together my own PKGBUILD on Arch, so I have an mostly repeatable build for a package that doesn’t exist in repos. Bonus, I can share that if I wish and make others life easier.
You took one narrow use case whose significant downsides you’re unaware of and made an OS ease of use judgement based on that. Therefore while you’re entitled to it, it’s not a useful judgement. ☺️
My narrow use case is just installing packages. There are lots of packages not in the apt repository. All I’m saying is that aur has more stuff. Now, if apt repository has around the same amount as the aur then I could see how debian based distros are functionally as easy to use.
Do you look at the stuff in the aur? Because any of that stuff you install from there could be messed with because it’s a user repository. I specifically left arch because I had to look into all the packages I installed from the aur, and the stuff from the official repos was pretty limited compared to something like Debian. That took a lot of time. Or, you could always just install whatever you find with zero concern about security.
I’ve been running Debian for decades with maybe 2 problems I had to manually resolve with apt. I ran arch and manjaro for maybe a year, and had a handful. I’m certainly not going to say not to run arch, but it’s in no way easier to keep running than Debian. That’s literally Debian’s whole gig.
In all the years I’ve used the AUR I only heard of one pkg violating security, it was recognized pretty fast and was removed within hours from going up. AUR pkgs have history/track/votes on them, with thousands using them it is just as likely an official pkg having rogue code as an aur pkg.
Also, aur pkg are not really software written for the aur, it is software packaged for the arch ecosystem, and several other distros are using them.
Right, and that’s a good reason why you should feel reasonably comfortable installing very popular software from the aur, once it’s been there for a while. That’s not why people like the aur.
People like that you can get even unpopular stuff in the aur, and that’s the stuff you need to be suspicious of. If you’re getting some niche y2k era packet radio software from the aur, you should be checking how it’s packaged and what is actually being packaged. And if you have the knowledge to do that you might as well get the source and install it yourself. I’ll admit that i’m getting old, and I don’t know if that’s something people aren’t willing or able to do these days.
Maybe i’m just cranky about arch, but it just seems really stupid to me to go through manually installing and setting up your system just to either install some random crap from the aur, or have to manually review it all because the official repos are pretty bare.
2 Do you honestly think one can just make a fake account up, register, and publish an AUR pkg with rogue code that easy? There are checks for code whether it is safe or not, whether it is asking for right elevation, altering the filesystem’s rights, etc.
You are making it sound like registering for X and publishing a tweet.3 The most dangerous software I see on AUR is browser bins by the BIG NAMES not the little script stuff.
People are afraid of people instead of large corps
@constantokraI think people can hide lots of things in code, especially when people don’t generally look at it. And I know people don’t look at it when they talk about how convenient the aur is. It’s at best marginally more convenient than installing from source.
I’m not at all suggesting that people should place more trust in large companies. I’m suggesting that packages in the aur with lots and lots of users should be trusted more, specifically because some of them will be checking out the pkgbuild, and the source, and presumably some of them would notice if the software did something it wasn’t supposed to do. Obviously the larger the software the harder that all is to check, and correspondingly you’d want to see many more users using it before you’d extend it any trust.
My point being, i’ve not seen these discussions taking place. Maybe I’ve just missed them. But I feel like it’s appropriate to bring it up when I see people talking about just how.convenient the aur is. It’s really not that convenient if you’re using it in a way that i’d consider reasonable.
1 If you take an average AUR pkg and read its content (PKGBUILD) the procedure of building an arch like pkg is not very much unlike the practice of building and installing from source as in the old days. The difference is that when a new revision or need for patch, or rebuild due to fresh libraries/dependencies is necessary through your AUR helper you will be notified.
Yes. It is possible to verify what’s going on. That’s what I did when I used the aur. Do you think most people do that, or even look at see how many users are using the software? Or do you imagine they just install it blindly?
If you ever see a help video or article that suggests installing something from source, or run some script people generally tell the reader that they shouldn’t just run random code without looking at it. I’ve never once seen anything that suggested people should check the pkgbuild. I don’t have a problem with the aur. I just think it’s not nearly as trustworthy as it’s generally made out to be, and I don’t think people generally understand that it might even be a concern, or that you can check the validity of the package yourself.
One out of five pkgs in AUR are so unmaintained they don’t even build anymore.
Clieaning up junk is more urgent than screening what comes on.
@constantokra
I think that’s a Manjarno problem.
When you download new programs how do you do so? You just install flatpak or what?
New packages on flathub are moderated, though I haven’t encountered any problems from AUR’s moderation model either other than it sometimes being slow but harmful stuff is removed pretty fast
Ordinarily I use apt. Sometimes a flatpak if I trust the source. Otherwise it’s from source or usually something i’m running in docker, where I’ll check what it’s actually doing if i’m at all suspicious.
I don’t want to make too big a deal of the aur. When I was using arch and I needed something from the aur it was easy enough to see that it was a legitimately packaged piece of software. The only big deal is that it’s a real pain in the ass, and I know most people aren’t doing that, and I never see anyone mention it so I doubt people even consider that it could be an issue.
It comes down to what you trust. I trust the stuff I can get from Debian’s repos. I trust some other sources, and everything else I look at. I don’t trust the aur, and I sincerely doubt most people look at the software they’re installing from it to make sure it’s legit.
It’s really none of my business what others are comfortable with. The trustworthiness of where you get your software is a decision you have to make for yourself, and with the way people go on about the aur I get the feeling they don’t bother to decide. I don’t ever hear anyone acknowledge that there’s any sort of difference between the aur and Debian’s repos, but that’s just frankly an utterly absurd idea.
All I’m saying is that aur has more stuff.
Sure, but that does not equate to the premise you made that Arch is easier to use than Debian.
So it’s much easier to install stuff since it has everything you need.
I think they want you to talk about the other aspects of use, such as compatibility with hardware an whether there can be significant productivity roadblocks. (That said, the only said roadblock I’ve met is not being able to project and not being able to run a specific Android app)
You should check out Nix (the package manager). NixOS’s Nix package manager can be used outside its own system. It supports the vast majority of Linux operating systems as well as MacOS.
Nix’s package repository is gigantic like you wouldn’t believe, and Reaper is in it.
deleted by creator
What do you mean by contamination? (I’ve never used Nix)
deleted by creator
Is mint slower than Ubuntu? A bit surprised to hear an Ubuntu derivative called slow
deleted by creator
Dog. I’m an arch user. You can’t just say “Arch is easier than Debian” and then in the first part of your argument say:
Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
You do realize Arch just frontloads that effort right? It’s not any “easier.” We embrace the fucking manual. (Arch based distros aside…)
Now if you were praising the simplicity of
makepkg
and the PKGBUILD syntax then sure. As is, though, this is just a bad take.I’d argue that debian based distributions also need to refer to the documentation as well. If you have a simple setup, you probably don’t even need to visit the documentation on Arch.
That really isn’t true. Debian packages are often heavily patched and tested to make sure it fits into the rest of the ecosystem. While Arch does it too, they prefer to keep the packages as vanilla as possible - often requiring effort of the user’s side to make it work with the rest of the system. It’s a different philosophy. While Debian tries to be simple by being opinionated, Arch relies heavily on the effort of the users.
While Arch does it too, they prefer to keep the packages as vanilla as possible - often requiring effort of the user’s side to make it work with the rest of the system
To be honest, I have hardly ever had this experience. In my opinion, the distribution works so well precisely because Arch releases everything vanilla wherever possible. And in cases where the vanilla version doesn’t work, the Arch team patches it.
At least for me, AUR is last resort. I mainly use Flatpak, then offical repos, then finally AUR
So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR.
The platform for this would be available (https://mpr.makedeb.org).
Yes there is the apt repository but if you want something that’s not in there, get ready to read the documentation or follow random guides.
Not everything is available in the AUR either. It may therefore be necessary to create a own PKGBUILD file. And since anyone can publish something in the AUR, you should check the PKGBUILD file before installing or updating it. Both also require reading guides (https://wiki.archlinux.org/title/Arch_User_Repository, https://wiki.archlinux.org/title/PKGBUILD and so on).
On Arch, all I have to do is Paru -S Reaper,
This would give me the error message that the command was not found. Why do some people assume that everyone uses the same AUR helper as they do? I use aurutils, for example. This AUR helper offers more options but is more cumbersome to use in some cases.
Apart from that, the name of the package is reaper and not Reaper. So even if I would use paru, it would not work.
Now that Arch is so easy to install with the Archscript,
Easier? Yes. But archinstall had and still has some bugs. And archinstall, understandably, does not cover everything so that a manual installation is more flexible.
yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
Appimages or flatpaks are often the correct way to go, as many projects only publish such packages.
Edit: yeah yeah there’s flathub and stuff but that’s more of a last resort, optimally, you want to get it the correct way.
There’s also Homebrew, which is more like the AUR than any APT repository or other package solutions. The formulae are built from source by homebrew, so it’s basically like
yay
or, in your case,Paru
in that regards.This doesn’t necessarily negate the point of your post, but it’s still a myth that I bought into for a long time, so let’s nip it in the bud: there is no “correct way” to install apps/programs/packages. There may be a correct way for your use case, but everyone has different use cases, even people using the same OS on the same hardware. I prefer system installs like .deb packages because it minimizes disk space and memory usage, whereas someone might prefer sandboxed packages like flatpaks or AppImages because of the security implications; hell, some people might opt for containers like docker or k8s for the compartmentalization.
On to the point of your post: I just want a set and forget OS. I don’t care if it has the most recent updates or bleeding-edge features, I don’t care about squeezing every last drop of benchmark numbers out of my hardware. I just want to boot up my PC and get to doing the things I use a computer for, not maintain my OS and configure and reconfigure and rereconfigure settings.
Linux newbies regularly come on here, in this exact community, and lament about their arch install, levying the above complaint. The regulars’ responses usually boil down to “shouldn’t have gone with arch if you didn’t want to get your hands dirty.” I’m not gonna say it’s the same people, but it is the same userbase who will gleefully squeal “install Arch” when someone comes in asking “hey, I’ve never used Linux before, what distro should I use?”
“Use our distro, but all your problems are because you refuse to tailor your computer habits and schedule around the OS’ needs” is not a community I’d particularly want to be a part of either.
Also, Pacman is an absolute migraine if you go a week without updating. I have sunk hours into fixing dependency issues only to get so frustrated I just uninstalled the app because Pacman would hold up 1300 updates (not hyperbole) over a single dependency issue.
Reaper is as easy to install on Linux (any distro) as it is on Windows or OSX. Any packaged versions of it, other than the tar file that you can download from Reaper.fm, are maintained by a third party and have nothing to do with the distribution.
PS: IMHO, you want tools like Reaper and Bitwig to install directly unto your system rather than Snap, Flatpak, etc., due to the low level audio hardware interaction.
So the thing with Debian and any Debian based distro like Ubuntu or Linux Mint is there is no big centralized software repo like the AUR.
There is https://pacstall.dev/ the AUR for Ubuntu. It has a Lemmy community https://lemmy.ml/c/pacstall And there is PPA for Ubuntu. With the Arch AUR anyone can just upload something, and it is up to you to check whether it is uploaded malware or not. Sure, you can check how many others upvoted an AUR package but that is still no guarantee it is safe.
So then you’re saying the debian community sees value in something like the aur. Unlike all the other comments saying you should just use flatpak
Pacstall is for Ubuntu. I am not sure it can work well for Debian. Yes, sure, it is possible that some Ubuntu users see value in having AUR alike repositories to install from. Actually PPA for Ubuntu (PPA does not work well on Debian I’ve read) is kind of like AUR. The Personal Package Archives are uploaded by someone and provide newer versions of software, or provides software which is not in the main Ubuntu repositories. A good example of that is the PHP packages from Sury : https://deb.sury.org/
Imo Flathub/Flatpak is the correct way most of the time. I see zero need to install desktop apps any other way on Arch these days. It takes a lot of headaches away from users and developers. Different story for core packages and in case you actually want to compile stuff yourself of course, but I don’t see why I need an Arch-native version of LibreOffice or something. For some apps the Flatpak experience is even better than native (e.g. Lutris, Firefox).
The AUR and Arch’s packaging system are still amazing tho, because of the great flexibility they offer. I agree that setting up Arch based distros (not Arch itself, sorry :D) are easier to setup than Debian based ones partly because of this. Another big reason is the info readily available in the Arch Wiki imo. But maybe I’m just used to setting up Arch.
https://wiki.debian.org/DontBreakDebian
You really should never download a Debian package or install via a script. The proper way is to use a container or flatpak.
Flatpaks are isolated while I want to use my input method. Plus, they have larger sizes which can pile up over time
What input method? Flatpaks have controllable permissions that can be changed by the user.
As for large sizes, that hasn’t been the case for a while. The stuff that takes up the most space are libraries and they installed once. Usually a program will need either the KDE framework (for qt) or the gnome framework (gtk).
You gotta add the fact, that ArchLinux sometimes requires you to fiddle a lot when a update failed and broke a lot of stuff, there’s also the installation process, Debian is much more stable (and while archlinux is too), debian is generally a better option for beginners to its approach, And also Reaper is practically Avaliable on a crapton of distros, the fact that it provides binaries officially, and also that its avaliable on FlatHub.
The installation process has been pretty simple since archinstall and endeavourOS. The “sometimes” happens rarely, and the forums and mailing lists are pretty helpful.
The only times when an update broke a lot of stuff for me is 1. The infamous grub update which never happened again 2. Thunderbird dropped GTK support, not an Arch problem 3. I didn’t update for quite a while and had to do package replacements, which were automated by the package manager but was scary 4. Budgie and GNOME conflicted with each other. Weren’t very significant
Well yeah, but see the issue here ? Have you ever heard such issues with Debian. No. Arch had a fuckton of issues, especially with updates, exemple: when Arch was shipped with kernel 5.19.12, it was very unstable, most of the time these issues can not even appear, and its just depends of user experience, but issues do sure happens :/
Everyone is downvoting OP, but OP is literally the common case of what users actually want…
Honestly didn’t think I would get this much hate. People talking about how the correct way to install is flatpak most of the time, a comment right after says you shouldn’t use flatpak for low level, and other comments saying to install it the long manual way (which, admittedly, is the most secure way), nobody has admitted that it’s easier to install from aur rather than on debian.
If it’s a popular and maintained package on aur then most of the time it should be fine. Very rarely do I have to go to the official documentation to make the packages manually unless it’s a smaller project.
Because there’s still unfortunately a heap of Arch FUD and myths floating around.
FWIW, I agree with you. I ended up using Arch for the past almost decade now in part because of the repos and pacman.
I distro hopped a lot when I first moved to Linux (from Windows) before settling on Mint. Faffing about with adding repos didn’t feel like an improvement over the Windows experience of having to go to various websites to download files.
I was still pretty much a Linux noob when I moved to Arch. I’m glad I didn’t listen to all the FUD then about it being hard and terrible. It’s been so much easier to use and maintain than other distros I’ve used (or installed for other folks).
Arch requires significantly more tinkering to keep it working, compared to Debian. That’s not because of FUD. Arch has a more hands-on philosophy. It even says so on their wiki.
I have seen savvy users jump directly from Windows to Arch without trying easier distros like Mint. But if given a choice, I wouldn’t introduce anyone to Arch as their first distro. Most people are simply not that patient and are likely to give it up as being too hard. They are likely to give in to the actual FUD that Linux is not user-friendly.
It’s not unusual for people who have tasted the freedom that Arch gives you, to think that it’s the easiest distro around. But the Arch way of doing things is alien to most people around. It’s very important to set the expectations straight and not get carried away.
I’ve been using Arch as my daily driver for almost a decade. I think I might know how much tinkering it requires lol. You can look at Arch News and you’ll see there’s bugger all interventions required. I don’t bother to tinker with anything and haven’t in about three years because I’m happy with what I have. I don’t need to tinker if I don’t want to. 🤷🏻♀️
In that almost decade, I could count on one hand the number of times my system has broken and most of those was basic user error.
And I never said it was the easiest distro. You gotta stop making strawman arguments.
If you want to flex your experience, I have twice as much as you do, just with Arch. You are just speaking your perspective and extrapolating it to others. Neither the official Arch sources, nor the regular users’ experience match what you say. The argument you made is in complete disregard of the ability, patience or intent of the vast majority of users.
It’s a common trope that I see that newbie Linux users complaining about how Arch users talk down to them. I can see where that comes from.
EDIT: I am tired, in pain and was feeling grumpy when I wrote this this morning. I’m being a hypocrite and not coming to your level with compassion, kindness and patience like I should. So I’m going to bow out of this conversation and say agree to disagree. I’ll keep helping folks move to Linux like I have been for years and put my energy where I want it to go.
Original reply
You think I’m flexing? Interesting. And you want to tell me I’m extrapolating (projecting)?
Guessed I should have ‘flexed’ more and also explained that my experience is not just with my own PC but multiple PC’s, laptops and… not all mine. Yep, I’m ‘flexing’ about all the people I’ve helped install Linux (all Arch based oh no) with my years of flexing volunteer experience.
With all my years of years of volunteer work and helping countless people (including in a very vulnerable area of society) I only ever talk down to people yep. I totally don’t encourage everyone to come to people at their level with compassion, kindness and patience.
I’m just all bout the flex. 😂🤦🏻♀️
Maybe don’t make assumptions about someone’s motivations, experience and qualifications when you don’t actually know them?
I am tired, in pain and was feeling grumpy when I wrote this this morning.
Disagreement over a distro is nothing worth suffering for. Wish you a speedy recovery and better times ahead.
correct way to install is flatpak most of the time
It’s probably SUPER intimidating how many options there are for something as simple as “package management”. Who to trust. etc. People are just rough, and unkind. Stick with what works for you. What your’e comfortable with. That’s honestly the ONLY important aspect of this whole Linux endeavor. Complete control of YOUR computing experience. That gets lost in opinion and subjective conjecture more often than I can stand, honestly. It really is SO much saner on Arch, though. You’re absolutely correct. That’s why I stick with it myself. It gets out of my way and lets me do what I want to do.