Ask HN: Is anyone else leaving AUR?

4 points - today at 5:59 AM

I'm spending a lot of my time removing AUR packages for alternatives in the official Archlinux repositories.

I've shifted from Dropbox to RClone, from acpilight to brightnessctl, from spotify to spotify-launcher and so on.

Has anyone else having the same trust problem? Also, how do you stay updated with the situation?

I work in a corporate environment and malware is a no-go.

Comments

d3Xt3r today at 8:19 AM

Yeah, I've been trying to get away from the AUR too. Besides switching to alternatives from the main repo like you, I've also been using AppImage, Flatpak, brew and cargo. I think the only main AUR package remaining for me (not counting dependencies) is chawan-git.

As for keeping updated on the situation, I've been following the news in the Arch Linux discord and the Github page which had the AUR malware scanning script.

cui today at 6:28 AM

What's wrong with Dropbox?

casey2 today at 8:59 AM

Might be fun to do if you are unemployed, but since you've mentioned a job it's better to just read the install script for the high level overview then install it manually.

The general idea is to find a small set of programs, in a more supported set that serves your usecase. So you learn more about a smaller number of programs. Downside is that you are now able to rewrite your entire system in a single language.