Hey everyone! I've decided to make the leap to Linux for my daily driver. After trying out a few distros, I settled on CatchyOS, which is based on Arch. It's been great for my dev work, browsing, and even some gaming on my old laptop and my powerful desktop. However, I'm starting to get anxious about using the Arch User Repository (AUR) since it's community maintained. I fear I might download a harmful package. I had issues trying to install the GitHub CLI, and although I got Chrome installed, that made me even more uncomfortable with the AUR. I don't have much time to review the packages myself, and I'm not sure if I can spot malicious packages easily. Should I be rethinking my choice of an Arch-based distro? Maybe I should just switch to Kubuntu? But I'm tired of constantly switching distros and spending hours setting them up. I'm also tempted to just stick with Windows. Am I overreacting?
1 Answer
Honestly, you've got reason to be cautious, but remember that the Arch core and extra repos are also community maintained. Just because it's community-driven doesn't mean it's unsafe. Most larger packages in the AUR are actually pretty reliable, but always check the PKGBUILD and stick to well-known packages to reduce risk. If it's stressing you out, definitely explore other options that might fit you better! Oh, and just a heads up, AUR is accessed via an AUR helper like yay or paru, not the package manager itself, which is pacman.
Thanks for the clarification on the AUR! I was really frustrated when I couldn't get the GitHub CLI installed, and that coupled with the uncertainty made me second guess myself. Would switching to a Debian-based system let me use .deb files directly and make things easier?