Comment by badgersnake
1 day ago
> If you crash your car, you are liable for the accident.
Because I didn’t go through all the blueprints and find the flaw that led to the crash. This is a dumb argument. It’s also the one the AUR appears to be making.
No, it's completely valid. The Arch home page warns you that you're the one responsible for your system, and get to keep both pieces when something breaks. Everything is assembled with this philosophy in mind. This message is reinforced ten times more before the system is even installed and is up and running.
If this is not for you, that's fine, but it's been working very well for some of us for... decades, at this point? I'm not amused by the number of people here wanting to turn Arch into another Ubuntu, most of them having zero familiarity with how the AUR works, or Arch more generally.
> but it's been working very well for some of us for... decades, at this point?
But it's worth asking why it's been working well. Has it been working well simply because it's been a niche ecosystem, or even because you wouldn't have known if it didn't because nobody did security audits?
The Arch distribution model, which operates like the JavaScript ecosystem, as in having a barebones core and then a zoo of unregulated third-party community packages, does not seem fine these days. As it became more popular it has naturally drawn attention and from that moment on you're just screwed because you have no security infrastructure. Arch pretty much lived off security through obscurity.
And in particular with the popularity of these spin-offs, I forgot what the name of the tiling wm thing is that got very popular, I think a lot of users are not aware that they're doing the software equivalent of buying medicine off Craigslist.
> The Arch distribution model, which operates like the JavaScript ecosystem, as in having a barebones core and then a zoo of unregulated third-party community packages, does not seem fine these days
It's hard to take the rest of your comment seriously when you don't seem to have a basic understanding of the parts involved here. Arch's distribution model isn't at all like npm (which I guess is what you're actually talking about here), but the AUR specifically is pretty similar to npm. But the AUR isn't Arch's main distribution model, and the official Arch repositories contain a ton of packages in the core, so not even the "barebones core" is correct here.
Arch has pretty much lived off the experience of its users, which is the entire purpose and value-proposition of the OS. You want someone else to be responsible, you're welcome to use the countless other distributions. Arch is quite literally not the OS for a "Don't read anything and press Update, hope for the best" experience, and I hope the core team continues to push back against that, which they've done for decades at this point.
It's sad, because overall you have a point somewhere there but the big misconceptions kind of hide that message though.