Tbf after searching for a "just works" distro and going down a distrohopping bunny hole I ended up on Arch lol.
pacman -S gnome and everything is gucci + AUR is something else.
Yea I’ll stick with Arch for the AUR, so many times I’ve come across something I wanted to try and I see .tar.gz and I’m like ehhhh
9/10 it’s on the AUR
I stay away from AUR because it is completely unsandboxed and unmonitored.
To be fair, I don’t believe Flathub is constantly monitored, but at least it is (somewhat) sandboxed, if I set everything up in Flatseal.
I have recently replaced my final .tar.gz app (git-credential-manager) with the built-in GitHub extension of Codium, and removed my final two ostree overlays with Flatpak SDK extensions.
I am now happy (except I can no longer gpg sign my commit… https://github.com/flathub/com.vscodium.codium/issues/105)
I mean, there are two options: You either don’t have the technical knowledge or time to install it yourself and thus you are fucked, or you don’t have the technical knowledge to read through the AUR and make sure it is safe and you could be fucked.
Or, a third option for the gurus: You build it yourself, but then you might as well read through the AUR and save yourself time.
Ideally you would install apps directly from the app developer, who you are trusting by using their app; or your distro's maintainer, who you are trusting by using their OS.
The use of the AUR and/or unverified Flathub apps adds an additional person to trust, that is, the person packaging these apps. Flathub is slightly better as the app is sandboxed, so the damage they can cause is confined.
Unfortunately, AFAIK, there is no store for sandboxed command line apps; this is one of the reasons I like to minimize my command line usage, so that I don’t need apps that aren’t packaged by my distro maintainer (like oh-my-zsh) to improve my CLI experience.