• giloronfoo@beehaw.org
      link
      fedilink
      arrow-up
      9
      ·
      7 months ago

      Except they can be hosted by the person/company making the software. This always seemed more trustworthy than AUR to me.

      Of course there are also community PPAs that would need the same scrutiny as AUR packages.

      • lemmyvore@feddit.nl
        link
        fedilink
        English
        arrow-up
        5
        ·
        7 months ago

        You mean… zero scrutiny? 🙂 The big advantage of AUR is that there’s only one of it but that’s about it.

        The PPA model is fundamentally broken. As soon as you replace a core package from a PPA (which happens silently if it’s a dependency) you can kiss upgradeability goodbye. By the time the next Ubuntu release rolls out you’ll be in dependency hell and won’t be able to upgrade cleanly.

      • eardon@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        7 months ago

        Wait, being hosted by anyone makes it more secure?

        Jeez, I’m glad I’m not new to the internet and backwards rhetoric like yours just falls by the wayside because I’m so used to it.

        I just don’t expect more from you people at this point 🤣