package myself; I chose Gentoo (and previously Arch) in part because its reasonably easy to package things there.
Most build systems are covered by eclasses ( libraries) that handle the repetitive minutia every package that build system needs.
Here’s the tuba ebuild for example (from GURU, the Gentoo equivalent of the AUR), 90% of it is just listing the dependencies and telling it to use a few eclasses to handle everything else.
Oh, and here’s the lemmy back end ebuild, the giant wall of crates is automatically generated/updated from a tool that reads the cargo files. (needed because Gentoo doesn’t allow internet access during the build for normal packages so crates are downloaded ahead of time)
Which, again, misses the point. Original OP said “install native” replying OP said “but what about (package)” (obviously intending that to be a gotcha) and I replied with “well it’s in mine”
I have no idea what debs& rpms are available, nor do i care.
And what is this “possibly broken aur” rubbish ? It’s a repository, and it most certainly isn’t broken.
Individual packages may be broken but they can be broken in any repository. Are you saying there’s never been a broken package in a debian repository ? Lol.
Edit to correct “you” to “OP” as you aren’t the original person doing the “whataboutism”
Do you check packages you install from the aur? I ask, because it seems like people don’t. I did, and it was a pain in the ass, and that’s why I stopped using arch and arch based distros.
Basically this. Not saying the “AUR breaking your system” thing isn’t, well, a thing but I get “error aborting installation” warnings waaaaay more often than my system just outright dying because of an AUR package (which is to say, it’s never actually happened to me).
And usually, when I see that warning, I go “kay, not even gonna bother” because if I ignore it and try to brute force the install…yeah, that potential breakage is on me, not the AUR
Ditto. I’ve literally never had an aur package break my system either, but like you if it doesnt want to play first go, I’ll almost always find an alternative.
None of the above. Native debs/rpms/whatever for desktops, docker images for servers.
but what about the apps that are not in the official repository?
for example tuba the mastodon client
package myself; I chose Gentoo (and previously Arch) in part because its reasonably easy to package things there.
Most build systems are covered by eclasses ( libraries) that handle the repetitive minutia every package that build system needs.
Here’s the tuba ebuild for example (from GURU, the Gentoo equivalent of the AUR), 90% of it is just listing the dependencies and telling it to use a few eclasses to handle everything else.
Oh, and here’s the lemmy back end ebuild, the giant wall of crates is automatically generated/updated from a tool that reads the cargo files. (needed because Gentoo doesn’t allow internet access during the build for normal packages so crates are downloaded ahead of time)
Then a tgz that I unpack to /opt/ or somewhere in ~/
Tuba is in the AUR
aur is limited to arch based distros only
And rpms are for redhat tree, so ?
OP said
Your example package is readily available in my distro in native was my point. If your distro doesn’t have it then maybe you need to change distros.
Arch users being like “I have it in my AUR. What more could other people ask for ?”
You should realise it’s a possibility not to want to change a system just to use (possibly broken) AUR
Which, again, misses the point. Original OP said “install native” replying OP said “but what about (package)” (obviously intending that to be a gotcha) and I replied with “well it’s in mine”
I have no idea what debs& rpms are available, nor do i care.
And what is this “possibly broken aur” rubbish ? It’s a repository, and it most certainly isn’t broken.
Individual packages may be broken but they can be broken in any repository. Are you saying there’s never been a broken package in a debian repository ? Lol.
Edit to correct “you” to “OP” as you aren’t the original person doing the “whataboutism”
Do you check packages you install from the aur? I ask, because it seems like people don’t. I did, and it was a pain in the ass, and that’s why I stopped using arch and arch based distros.
The aur has now broke your system congrats
Nope, nothing broke but
Aborting… error: failed to build ‘tuba-0.4.0-0.1’:
and I can’t be arsed troubleshooting why for a package I have no intention of using. LOL
Basically this. Not saying the “AUR breaking your system” thing isn’t, well, a thing but I get “error aborting installation” warnings waaaaay more often than my system just outright dying because of an AUR package (which is to say, it’s never actually happened to me).
And usually, when I see that warning, I go “kay, not even gonna bother” because if I ignore it and try to brute force the install…yeah, that potential breakage is on me, not the AUR
Ditto. I’ve literally never had an aur package break my system either, but like you if it doesnt want to play first go, I’ll almost always find an alternative.
I hope you turn on DCT because docker image downloads are totally insecure by default.
What’s DCT? I’m not actually running Docker but Kubernetes.
Docker Content Trust. Its the (off by default and pretty broken) way that docker would verify what it downloads wasn’t maliciously modified