this post was submitted on 29 Mar 2024

linuxmemes

    [–] baseless_discourse@mander.xyz 3 points 7 months ago* (last edited 7 months ago) (1 children)

    I stay away from AUR because it is completely unsandboxed and unmonitored.

    To be fair, I don't believe flathub is constantly monitored, but at least it is (somewhat) sandboxed, if I set everything up in flatseal.

    I have recently replaced my final .tar.gz app (git-credential-manager) with the built-in github extension of codium, and removed my final two ostree overlays with flatpak sdk extensions.

    I am now happy (except I can no longer gpg sign my commit... https://github.com/flathub/com.vscodium.codium/issues/105 )

    [–] derpgon@programming.dev 2 points 7 months ago (1 children)

    I mean, there are two options: You either don't have the technical knowledge or time to install it yourself and thus you are fucked, or you don't have the technical knowledge to read through the AUR and make sure it is safe and you could be fucked.

    Or, a third option for the gurus: You build it yourself, but then you might as well read through AUR and save yourself time.

    [–] baseless_discourse@mander.xyz 2 points 7 months ago

    Ideally you would install apps directly from the app developer, who you are trusting by using their app; or your distro's maintainer, who you are trusting by using their OS.

    The use of AUR and/or unverified flathub apps adds an additional person to trust, that is, the person packaging these apps. flathub is slightly better as the app is sandboxed, so the damage they can cause is confined.

    Unfortunately, AFAIK, there is no store for sandboxed command line apps; this is one of the reasons I like to minimize my command line usage, so that I don't need apps that aren't packaged by my distro maintainer (like oh-my-zsh) to improve my cli experience.