  • Gecko@lemmy.world to Linux@lemmy.ml: Why does nobody maintain PPAs anymore?
    6 months ago

    Jia Tan liked your comment

    Without the traditional distribution workflow […]

    You are aware that the xz exploit made it into Debian Testing and Fedora 40 despite the traditional distribution workflows? Distro maintainers are not a silver bullet when it comes to security. They have to watch hundreds to thousands of packages so having them do security checks for each package is simply not feasible.


  • As someone who owns a PinePhone I can tell you that a lot more work needs to be done first. postmarketOS is ok but being Alpine-based means you have to forever deal with all the issues that come with it, including its primitive package manager. And Mobian also kept breaking every other half a year or so, requiring manual config changes etc.

    What we need IMO, is a more reliable spin like Fedora, maybe even something immutable like Silverblue to ensure the stability required for a daily driver device while also being quick to deploy the latest versions of releases.

    There’s also the whole app ecosystem aspect but between advances in Waydroid and convergent GTK apps, I’m more concerned about the underlying base OS than the app ecosystem ^^














  • Fedora has a KDE spin and gets some updates faster than even Arch (e.g. new GNOME releases) while also being considered stable. Heck, even the Asahi Linux project switched from Arch to Fedora as a base recently.

    If you really need something from the AUR you can just use distrobox to generate an Arch container and install the AUR package in there. You can then export it from distrobox to your application list with a single comment so that the fact that it’s running inside distrobox becomes completely transparent.

    That way you have a stable but up-to-date base while also still having access to AUR.

    That being said, in my 7 years on Linux I never needed something that was only accessible in AUR but maybe that’s just me ¯\_(ツ)_/¯





  • This. And even then there should be procedures in place to essentially make it impossible to send the wrong inputs.

    It’s like when an intern accidentally drops the production database. It’s not the intern’s fault for sending the wrong command. It’s the management’s fault for not restricting access in the first place.