A lot of people probably won’t like this, but personally I feel like Arch is a terrible OS from an average user’s perspective. It offers nothing notable of value to its users, while making sacrifices in critical areas.
Unstable as hell and constantly breaks for no reason. On top of that, it’s seriously insecure, as shown on exhibit A. It’s not the first time, and it won’t be the last.
Why not use Mint, Fedora, Zorin, Pop!_OS, or any of countless Linux distros that work perfectly and don’t suffer from Arch’s issues?
Note: I’m not an OS developer and mean no hate towards Arch devs or users. I’m simply speaking from a user experience perspective.
“Unstable as hell”, “breaks for no reasons”, “seriously insecure”, other distros “work perfectly”. I find this kind of uninformed hyperbole tiring, but probably entirely descriptive of your own user journey. Arch is intended for technical users, not “average users” (Whatever that means), and people should not be recommending that their uninitiated friends start their Linux journey there unless they’re prepared and capable of providing technical support. I used Fedora and Ubuntu for decades before moving to Arch a few years ago, and I’ve never loved an OS more than I love this one. But that’s my journey.
Everyone has their own preferences and experiences. Arch remains one of my top used Linux distros, maybe 2nd most used overall. Switching away from it was a great decision for me. For others, switching to it may have been great.
and people should not be recommending that their uninitiated friends start their Linux journey there
This is a good point, and perhaps one of the main issues. However, part of the blame rests on Arch developers, because for some reason they try to make it more accessible (like including the arch install script in the official iso). So the “Arch is intended for technical users” is less true, as per devs themselves.
Arch is deliberately minimal making it a good base system in the same way Debian or Fedora is. It’s smaller, simpler, updates faster than the others and is far more configurable. It is however not built for the average user and most distros built on top of it that try to make it more “usable” are IMO pretty dangerous ideas. I think the only derivative i’ve tried that was good was SteamOS because they made it Atomic like nix or silverblue.
None of this really has to do with the AUR. That was always labelled as “use at your own risk”. And to their credit they caught and addressed the attack within a day of it happening. Still, hosting user PKGBUILDs and leaving it to individual users to audit them is not a secure solution, its just punting on the responsibility.
“More easily configurable” would be more accurate, because there’s less things that could get in your way. The system is designed to make it as simple as possible from a developers perspective.
Its the same config file designed in the exact same way. The only difference is on Arch the user may know how their system fits together but they very well may not.
Or maybe I can agree with “more configurable” if I shift my perspective of configuration to be taking a default and adding/removing. Because arch users will add a lot of things and pre configured distros wont need to add as many things and maybe that means more configuration is happening. Even though both users can theoretically add and remove the same amount.
My experience is arch is more stable than ubuntu. Broke once in the last 10 years, because of a bug in a package, fixed the system with manual upgrade from live usb in 1h.
AUR is not part of the archlinux repositories, it’s a community thing with mostly the same security problems every similar package manager has (npm, gems, etc.)
1-1, we did not learn anything except you don’t like arch.
Looks like you’ve never been to the Arch Linux website. The AUR link sits right next to the official Packages link. Only upon clicking the link you get a moderately visible disclaimer that “AUR packages are user produced content.”, which is also true for all other packages, so it’s not exactly clear what it means.
I mean, seriously, if that’s not being ‘part of the archlinux repositories’, then I guess Arch has no repositories.
The arch wiki page for the AUR has a big, vibrant red box in the intro section stating:
Warning
AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.
If you have ever installed something through the AUR in the intended way, you would know that it does not involve running the package manager tool until the very last step. You need to git checkout the package recipe, build it. This is clearly what the post you are answering to meant by “not part of the arch linux repositories”.
That’s cool and all, but why is that full disclaimer not present on the AUR part of the Arch website? Only a portion of it, which to me at least, makes limited sense.
You go to archlinux.org, you press on AUR, there’s no disclaimer about AUR packages not being thoroughly vetted, you find a package you need, and you do yay -S package.
To give Arch some credit - Arch wiki does state that “AUR helpers are not supported by Arch Linux.”, in a red warning at the top of the page. That’s precisely the kind of disclaimer that, in my opinion, should be posted on the AUR website. Nobody goes to the wiki if they don’t need it.
At the end of the day, this may be an argument over nothing, because even if Arch developers adopted my suggestions, I realize it wouldn’t noticeably affect anything.
It’s more about principles. The OS itself may be (or may have been) targeted towards technical users. But then more user-friendly tools were created, which the developers know perfectly well are used by almost all Arch users. Furthermore, they themselves adopt some of these tools, making the OS less for technical users, and more for average users.
Knowing full well the risks, they refrain from putting adequate warnings and disclaimers where people would actually see them. While they may not be at fault, this just looks a lot like corporations that technically aren’t guilty of anything, but are aware of issues and don’t even try to solve them, while actively increasing the risk of more people being affected.
I mean, genuinely, why aren’t the disclaimers from Arch wiki present on the Arch Linux website? What’s stopping the Arch team from putting them there?
I mean, you are right in this sense I guess. I see this topic from the POV of an arch user in the original sense: I installed the OS myself and made concious decisions about how I built up my OS, I by default read the wiki, I know why and how I do what in my system installation. From my POV it is obvious that there is no problem here. But maybe due to the rise of the user friendly arch-based OS-es (which is an oxymoron in my opinion) the current state of the OS should be reevaluated.
In the end, my opinion still is that if you use tools like yay, you are probably not the target audience, and maybe got lured into using arch due to the memes or stigma. Maybe the entry barrier should be lifted in the sense that for example the AUR and archinstall are split off the project into their separate own thing. Weird situation IMO…
AUR is supposed the last resort, after distro repos, building from source, Flatpak, and Appimage. Ubuntu’s equivalent to the AUR would be PPAs.
Personally, I have fewer problems gaming on Arch than any other I’ve tried.
Edit: Snap is bad for software freedom. I won’t touch Ubuntu anymore; if I use apt, I meant apt and not snap. Hijacking my command is Microsoft-style rug-pulling.
I’m not a fan of Ubuntu either, but at least it doesn’t break or get hacked every week.
AUR is supposed the last resort, after distro repos, building from source, Flatpak, and Appimage. Ubuntu’s equivalent to the AUR would be PPAs.
That’s the problem. AUR is not the last resort. There’s nobody who would build an app from source before installing it through AUR. Most people wouldn’t even use appimages over AUR.
Even on the official Arch Linux website, ‘AUR’ is literally right next to ‘Packages’, making it seem like a good and secure way of installing applications. Which it isn’t.
A lot of people probably won’t like this, but personally I feel like Arch is a terrible OS from an average user’s perspective. It offers nothing notable of value to its users, while making sacrifices in critical areas.
Unstable as hell and constantly breaks for no reason. On top of that, it’s seriously insecure, as shown on exhibit A. It’s not the first time, and it won’t be the last.
Why not use Mint, Fedora, Zorin, Pop!_OS, or any of countless Linux distros that work perfectly and don’t suffer from Arch’s issues?
Note: I’m not an OS developer and mean no hate towards Arch devs or users. I’m simply speaking from a user experience perspective.
“Unstable as hell”, “breaks for no reasons”, “seriously insecure”, other distros “work perfectly”. I find this kind of uninformed hyperbole tiring, but probably entirely descriptive of your own user journey. Arch is intended for technical users, not “average users” (Whatever that means), and people should not be recommending that their uninitiated friends start their Linux journey there unless they’re prepared and capable of providing technical support. I used Fedora and Ubuntu for decades before moving to Arch a few years ago, and I’ve never loved an OS more than I love this one. But that’s my journey.
Everyone has their own preferences and experiences. Arch remains one of my top used Linux distros, maybe 2nd most used overall. Switching away from it was a great decision for me. For others, switching to it may have been great.
This is a good point, and perhaps one of the main issues. However, part of the blame rests on Arch developers, because for some reason they try to make it more accessible (like including the arch install script in the official iso). So the “Arch is intended for technical users” is less true, as per devs themselves.
Arch is deliberately minimal making it a good base system in the same way Debian or Fedora is. It’s smaller, simpler, updates faster than the others and is far more configurable. It is however not built for the average user and most distros built on top of it that try to make it more “usable” are IMO pretty dangerous ideas. I think the only derivative i’ve tried that was good was SteamOS because they made it Atomic like nix or silverblue.
None of this really has to do with the AUR. That was always labelled as “use at your own risk”. And to their credit they caught and addressed the attack within a day of it happening. Still, hosting user PKGBUILDs and leaving it to individual users to audit them is not a secure solution, its just punting on the responsibility.
How is it any more configurable than other distros?
“More easily configurable” would be more accurate, because there’s less things that could get in your way. The system is designed to make it as simple as possible from a developers perspective.
Get off my lawn!! …mumbles something incomprehensible about Slackware.
Its the same config file designed in the exact same way. The only difference is on Arch the user may know how their system fits together but they very well may not.
Or maybe I can agree with “more configurable” if I shift my perspective of configuration to be taking a default and adding/removing. Because arch users will add a lot of things and pre configured distros wont need to add as many things and maybe that means more configuration is happening. Even though both users can theoretically add and remove the same amount.
My experience is arch is more stable than ubuntu. Broke once in the last 10 years, because of a bug in a package, fixed the system with manual upgrade from live usb in 1h. AUR is not part of the archlinux repositories, it’s a community thing with mostly the same security problems every similar package manager has (npm, gems, etc.)
1-1, we did not learn anything except you don’t like arch.
Looks like you’ve never been to the Arch Linux website. The AUR link sits right next to the official Packages link. Only upon clicking the link you get a moderately visible disclaimer that “AUR packages are user produced content.”, which is also true for all other packages, so it’s not exactly clear what it means.
I mean, seriously, if that’s not being ‘part of the archlinux repositories’, then I guess Arch has no repositories.
The arch wiki page for the AUR has a big, vibrant red box in the intro section stating:
Warning AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.
If you have ever installed something through the AUR in the intended way, you would know that it does not involve running the package manager tool until the very last step. You need to git checkout the package recipe, build it. This is clearly what the post you are answering to meant by “not part of the arch linux repositories”.
That’s cool and all, but why is that full disclaimer not present on the AUR part of the Arch website? Only a portion of it, which to me at least, makes limited sense.
You go to archlinux.org, you press on AUR, there’s no disclaimer about AUR packages not being thoroughly vetted, you find a package you need, and you do yay -S package.
To give Arch some credit - Arch wiki does state that “AUR helpers are not supported by Arch Linux.”, in a red warning at the top of the page. That’s precisely the kind of disclaimer that, in my opinion, should be posted on the AUR website. Nobody goes to the wiki if they don’t need it.
At the end of the day, this may be an argument over nothing, because even if Arch developers adopted my suggestions, I realize it wouldn’t noticeably affect anything.
It’s more about principles. The OS itself may be (or may have been) targeted towards technical users. But then more user-friendly tools were created, which the developers know perfectly well are used by almost all Arch users. Furthermore, they themselves adopt some of these tools, making the OS less for technical users, and more for average users.
Knowing full well the risks, they refrain from putting adequate warnings and disclaimers where people would actually see them. While they may not be at fault, this just looks a lot like corporations that technically aren’t guilty of anything, but are aware of issues and don’t even try to solve them, while actively increasing the risk of more people being affected.
I mean, genuinely, why aren’t the disclaimers from Arch wiki present on the Arch Linux website? What’s stopping the Arch team from putting them there?
I mean, you are right in this sense I guess. I see this topic from the POV of an arch user in the original sense: I installed the OS myself and made concious decisions about how I built up my OS, I by default read the wiki, I know why and how I do what in my system installation. From my POV it is obvious that there is no problem here. But maybe due to the rise of the user friendly arch-based OS-es (which is an oxymoron in my opinion) the current state of the OS should be reevaluated.
In the end, my opinion still is that if you use tools like yay, you are probably not the target audience, and maybe got lured into using arch due to the memes or stigma. Maybe the entry barrier should be lifted in the sense that for example the AUR and archinstall are split off the project into their separate own thing. Weird situation IMO…
You said Ubuntu three times. /s
AUR is supposed the last resort, after distro repos, building from source, Flatpak, and Appimage. Ubuntu’s equivalent to the AUR would be PPAs.
Personally, I have fewer problems gaming on Arch than any other I’ve tried.
Edit: Snap is bad for software freedom. I won’t touch Ubuntu anymore; if I use
apt, I meantaptand notsnap. Hijacking my command is Microsoft-style rug-pulling.I’m not a fan of Ubuntu either, but at least it doesn’t break or get hacked every week.
That’s the problem. AUR is not the last resort. There’s nobody who would build an app from source before installing it through AUR. Most people wouldn’t even use appimages over AUR.
Even on the official Arch Linux website, ‘AUR’ is literally right next to ‘Packages’, making it seem like a good and secure way of installing applications. Which it isn’t.
He said Debian 3 times
I had heard that Ubuntu is an old African word for “can’t configure Debian”