• giloronfoo@beehaw.org
    link
    fedilink
    arrow-up
    9
    arrow-down
    2
    ·
    9 months ago

    Except they can be hosted by the person/company making the software. This always seemed more trustworthy than AUR to me.

    Of course there are also community PPAs that would need the same scrutiny as AUR packages.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      5
      ·
      9 months ago

      You mean… zero scrutiny? 🙂 The big advantage of AUR is that there’s only one of it but that’s about it.

      The PPA model is fundamentally broken. As soon as you replace a core package from a PPA (which happens silently if it’s a dependency) you can kiss upgradeability goodbye. By the time the next Ubuntu release rolls out you’ll be in dependency hell and won’t be able to upgrade cleanly.

    • eardon@lemmy.ca
      link
      fedilink
      arrow-up
      1
      arrow-down
      3
      ·
      edit-2
      9 months ago

      Wait, being hosted by anyone makes it more secure?

      Jeez, I’m glad I’m not new to the internet and backwards rhetoric like yours just falls by the wayside because I’m so used to it.

      I just don’t expect more from you people at this point 🤣