For me, some of the software I use isn’t available on the official Arch repos, but they are on the AUR. I prefer the AUR over solutions like Flatpak or AppImages, but I use a mix of them all depending on what I need to install.
Interesting, I prefer Flatpak over the AUR when available, because the AUR seems more susceptible to attacks like this. I don’t know the security model of a Flatpak repository, so it’s just a feeling so far.
To the person(s) down voting this, please speak up about why. Let’s have a discussion, or maybe teach me something! 😃👍
True. I just hope I’m right in my way of thinking there, is all. 😅 Maybe someone more knowledgeable than I am could fill me in on wether or not Flatpak is actually a safer option than the AUR (given blindly installing stuff without inspection).
I believe Flatpak is safer than the AUR, as there is comparatively more vetting by third parties (e.g. Flathub). Also, the apps you install are sandboxd, which has upsides in terms of security but may have downsides for certain kinds of app, since permissions for full file access, communication with other apps, etc. are restricted by default.
I like the AUR since it’s more “native” than the one-size-fits-all Flatpak, but I use both depending on the use case for that app. Sometimes, one version is out of date, in which case I would prefer Tue other.
This is what I had assumed as well, so thanks for confirming!
Not sure how what you mean by “native” though. Flatpak apps don’t run in some kind of virtualization, do they? Or you mean native to the package system?
Native as in how Flatpaks are a universal package format while AUR is Arch-specific. There are some occasional quirks in some Flatpak apps. For instance, Flatpak Localsend does not detect the system accent colour, while the AUR version does. It’s not a problem for most apps though.
Yeah Flatpak applications need access to some portal or something I guess in order to gain access to stuff.
Meh, I like it. I use it for stuff I don’t necessarily trust, like Slack, Discord (which hasn’t been launched for a while now…), Steam (higher trust in that than the others though), etc. Non-free stuff. 🙂
For me, some of the software I use isn’t available on the official Arch repos, but they are on the AUR. I prefer the AUR over solutions like Flatpak or AppImages, but I use a mix of them all depending on what I need to install.
Interesting, I prefer Flatpak over the AUR when available, because the AUR seems more susceptible to attacks like this. I don’t know the security model of a Flatpak repository, so it’s just a feeling so far.
To the person(s) down voting this, please speak up about why. Let’s have a discussion, or maybe teach me something! 😃👍
The nice thing about Linux is that it gives you options, so you can decide which you prefer!
True. I just hope I’m right in my way of thinking there, is all. 😅 Maybe someone more knowledgeable than I am could fill me in on wether or not Flatpak is actually a safer option than the AUR (given blindly installing stuff without inspection).
I believe Flatpak is safer than the AUR, as there is comparatively more vetting by third parties (e.g. Flathub). Also, the apps you install are sandboxd, which has upsides in terms of security but may have downsides for certain kinds of app, since permissions for full file access, communication with other apps, etc. are restricted by default.
I like the AUR since it’s more “native” than the one-size-fits-all Flatpak, but I use both depending on the use case for that app. Sometimes, one version is out of date, in which case I would prefer Tue other.
This is what I had assumed as well, so thanks for confirming!
Not sure how what you mean by “native” though. Flatpak apps don’t run in some kind of virtualization, do they? Or you mean native to the package system?
Native as in how Flatpaks are a universal package format while AUR is Arch-specific. There are some occasional quirks in some Flatpak apps. For instance, Flatpak Localsend does not detect the system accent colour, while the AUR version does. It’s not a problem for most apps though.
Yeah Flatpak applications need access to some portal or something I guess in order to gain access to stuff.
Meh, I like it. I use it for stuff I don’t necessarily trust, like Slack, Discord (which hasn’t been launched for a while now…), Steam (higher trust in that than the others though), etc. Non-free stuff. 🙂