• Anyone infected is at their own fault. Literally every single ressource and official statement is “read the diff of what you execute”, which would prevent 100% of the attacks.

      I’d rather not get cut off from my regular updates for some idiots who can’t read or think rules don’t apply to them. And yes, people who don’t understand the PKGBUILD format shouldn’t use the AUR on their own.

      • 100%

        But this is the problem. It’s like if Microsoft provided Windows with Limewire as a solution to download software. There’s bound to be people who are going to exploit it for malicious reasons, and there’s bound to be idiots who are going to fall for it. Heck, there’s the possibility that even someone who knows what they’re doing might also get caught at some point.

        It’s dangerous and irresponsible.

        • Arch doesn’t come with the AUR “installed”. The AUR is a repository of user scripts that exists on the internet. The user chooses to download the scripts, or install an AUR helper to download them automatically. There aren’t even AUR helpers in the official Arch repos, so you need to go out of your way to install them.

          Let’s not take one out of Apple’s playbook and limit what a user can do for “their owm safety” and because most people “don’t know what’s best for them”.

          • You kind of have to have guardrails though. Especially with the recent migration from Windows 11 to Linux, a lot of gamers, mostly younger and/or inexperienced users, are being recommended Arch via CatchyOS. And a lot of the advice they get involve enabling the AUR and getting their required software from there. Some of the troubleshooting documentation also provides instructions using the AUR. It may not come with Arch, but it sounds to me like it’s pretty indispensable.

            On the other hand, you have people saying that Arch isn’t for new users. That you have to be careful when using AUR and how dangerous it is. You have to know what you’re doing.

            So then why is it recommended so much? I feel like every other comment when people are asking questions on which Linux flavour to use the answer is always “just use Arch/just use X variant of Arch”. And when I talk about using another distro like Debian, people on Linux communities get really critical and ask “this distro sucks, why don’t you just use Arch/Catchy/X variant?”

            So which is it? Is it for everyone or not? Is it safe to use or not? Should anybody be using it or not?

            The comments are really conflicting with each other here.

            And honestly if we’re going to recommend Arch/Catchy/Whatever to new Linux adopters, there ought to be guardrails. Or don’t recommend Arch. And DON’T recommend using AUR. Try other workarounds instead of taking the easy AUR solution. You don’t simply give a loaded gun to someone who wants to do target practice without any precautions or anything to prevent them from hurting themselves or others. Maybe recommend an air-soft gun with some eye-protection goggles instead for target practice initially and let them learn the basics of firearm manipulation using that before moving on to the real deal.

      • Peak Linux nerd shit.

        People just want their updates to work and you’re out here screeching that users are holding it wrong and to read a bunch of diffs 🤣