If AUR is unsupported what is the point in Pamac

Comment on Pamac practically unusable after latest upgrade - #25 by federation

In this case, what’s the point to have a package called Manjaro-aur-support ?

Also, pamac is not only working funny when operating with the AUR …Federation is right !

I personally have issue with the searching of packages. The result of a search get wrongly display in the side filters menu. Also the search algorithm seems to somehow changed from previous version. In fact he seems to limit the search on the specific keyword used to search, and also it won’t display all the results but a limited amount.

Also, after a number of search… sometime even after only 1 search, clicking on the search icon would not result in showing the search textbox and there will be no way to make it happened and so only closing and opening again will allow to go back to normal.

Also, and this for me it has always been, there are issues with the packages pending “left in memory”. For example… an error was generated during the installation of 5 packages for example. Then clicking on PENDING and deselecting the package and give another go, will sometimes produce the desired effect, but most of the time pamac will still consider the package as it was never been unselected.

Also, sometimes get worse and even closing the app and reopening won’t be enough to solve the issue as pamac will keep trying to install the previous section package.

This is a very limited list of the current issues I have encounter with pamac. Bauh seems to work way better and not sure why it was deleted from the “included” packages of Manjaro Distro.

I love Manjaro, but recentely it was very unstable with KDE being the most unstable on my opinion.

I notice that it is not only me thinking so, you can see on DistroWatch to have a vague idea on how people have moved to different distro and this is a pity because Manjaro has been really the boss of the distro and still has lots to give away… but something seems to be changed internally and it does not seems to be working :/.

Please made us proud and be once again the King of all !

2 Likes

AUR is unsupported and it has always been so.

Being able to build a package using Pamac as AUR helper does not imply that content build from AUR buildscripts using Pamac is more supported than content build using yay or any other AUR helper.

I really like this article. I quote from the part on AUR helpers (August 2018 - AUR incident)

The problem is that they appear to have created a new breed of user; one who is much more easily able to break their system in ways we have never seen before, all the while having no idea how they did it. Guides on how to install AUR helpers take the shape of unknowns’ blog posts and YouTube videos. They exist in copy-paste form so that dear newbies don’t even have to worry about understanding any of this makepkg malarkey. Isn’t that kind of them?

The second clear flaw is that they can allow users to automatically clone AUR packages and build them without the user inspecting the package sources. Security-wise, this is as good as copy-pasting some shell scripts from a paste bin website (pick any of them) into your shell.

I like this quote because it put words on some of my thought on Manjaro users coming to the forum just to complain about their broken system.

image

You have created an account - just to rant over a comment stating that AUR is unsupported.

5 Likes

It might be needed to separate this in different thread but what problems do you have? I also always hear about such things but never experienced them myself.

…Have you ever considered a world without kings?

3 Likes

I can’t speak for anyone else but I have had no issues with Pamac. Alot of us here pay attention to the forum and see whats going on with updates the AUR Pamac etc.As far as KDE the only part unstable I have is I’m running the unstable branch and have no issues there either.

2 Likes

Well, this is classic Linux(Arch) user elitism. Expecting every user to read and understand PKGBUILDS is same as telling people to read the Kernel changelogs before updating. And this is what most people don’t get ‘NOT EVERYONE UNDERSTANDS THIS’. The whole linux community is based on the principle of having expert’s eyes on the code, thus noobs can use everything freely. And this is same for AUR, we use them because other people, who read the PKGBUILDS and understand it, use it, so it must be good. Restricting access to the AUR is Microsoft-like, which I’m happy Manjaro hasn’t done.
If Manjaro doesn’t support AUR officially, just put up a ‘Breakages due to AUR won’t be heeded to’.

Then you fundamentally misunderstand.
AUR is not a trusted source. You should not treat it as such. No matter your beliefs.

Oh … also here is your signage:
https://wiki.manjaro.org/index.php/Arch_User_Repository

First line quote:

Use the AUR at your own risk! No support will be provided by the Manjaro team for any issues that may arise relating to software installations from the AUR. When Manjaro is updated, AUR packages might stop working. This is not a Manjaro issue

6 Likes

It’s not elitism.
and
It’s not the same as … (see above) …

Why be so drastic - the caveats of perusing AUR are made perfectly clear all over the place.
But why not assist people who have problems with it? :wink:

That’s what I suggested, if it’s unsupported, put up a disclaimer/advisory.

Then why do people(‘experts’) use it? The most used packages are likely used by people that read the pkgbuilds and deem it safe right?

Coz it’s unsupported, which is made perfectly clear by Manjaro.

It’s unsupported as in:
it’s not part of the main distribution

but it can be used to get access to software that is not part of said main distribution
just like it is with Arch itself

Manjaro is not Arch - and thus, due to delayed updates, it might happen that some AUR packages will not work/compile in Manjaro, while they will work with Arch - it is the AUR after all, not the MUR …

The very same applies to PPA’s in the Debian/Ubuntu ecosystem, btw.
… not supported, but may be used …

AUR just is a helper in certain cases where other repos fail providing special apps. That said the few AUR apps can be handled with yay or some other script. No need to install AUR packages where you find them in distro repos, and flatpak. That is how I handle it.

Think of it a bit like buying drugs in an alley.
If you are street-smart enough to handle that situation … go ahead.
If you arent … you might get robbed, you might get something fake, you might pay too much, you might overdose.
So … if you arent comfortable with that … you should probably only get your dope from trusted sources (the repositories).

7 Likes

While being a somewhat harsh example it still paints a vivid and logical image.

I concur with previously made statements, and prefer to get my software from the official repo, only if there is no other way I check the AUR. The slower implementation of changes into the repos is what made me choose Manjaro over Arch.

1 Like

Heh. thanks … I have been wondering if it was a little off-base and almost deleting/editing for 20 minutes. :sweat_smile:

No, it was perfect. And I agree, I only take unavailable ‘stuff’ from there (Spotify-adblock, corectrl and optimus-manager-qt).

Just where TF did you dig this gem up from?

:rofl:

You don’t get it, do you?

Consider this scenario:

@LordTermor creates a PKGBUILD and posts it on the AUR. Said PKGBUILD removes your /bin and /etc directories; it doesn’t have to be malicious - just mistakes in commands. It gets past everyone’s eyes and stays there.

Now, me, @cscs and @linux-aarhus vouch for this package, and you install it…whoops, there goes your /bin and /etc directories.

Regardless of what you may think and feel, the resulting mess IS YOUR FAULT - for not bothering to even attempt to know what was being installed; not those that vouch for it.

Look, Manjaro and other Arch-based distros have made some pretty good strides in creating a decent OOB Arch-like experience. But remember, the daddy (Arch) is not (or ever has been) designed as user-friendly:

Quoting the ArchWiki [1]:

[1] Arch Linux - ArchWiki

8 Likes

At this risk of sounding pedantic, it’s not really a matter of “AUR = untrusted”.

It’s actually a matter of degrees / layers / levels of trust. We must remember that many “trusted” Community packages started off in the AUR and through voting (and other decisions) were promoted to the official repositories.


You can re-frame it as “effort required to establish equivalent level of trust” based on where you start from. In my opinion, the following scenarios all reach the same level of trust, assuming you are consistent:

  • AUR
    – Inspecting and understanding the PKGBUILD
    – Inspecting and understanding the additional source files
    – Inspecting and understanding the upstream project files

  • Repository
    Assuming package maintainer is trustworthy (skipping the need to inspect PKGBULD / source)
    – Inspecting and understanding the upstream project files

  • Upstream
    Assuming the developers are trustworthy (skipping the need to inspect source code)
    – …or not assuming trust, inspecting the source code


The above, in my opinion, all establish the same level of trust to the end user. Each level assumes a degree of trust (i.e, “outsources” the user’s trust to someone else, such as a package maintainer or upstream developer.)


To further this point:

I would argue that if a user does all the above (under the AUR scenario), they are committing to something just as safe (or possibly safer) than simply installing a package from the Community Repository without looking at anything and simply clicking Install. The latter case makes many assumptions that everything is fine upstream, and that the package maintainer trusts the upstream developer, and that the end-user trusts the package maintainer.

5 Likes

Yes, but thats harder to say. GJ <3

1 Like

You more or less correctly described my abilities in writing PKGBUILDs btw :rofl:

6 Likes

I’m still trying to figure out why every time someone has an issue with AUR it’s always Pamac’s fault.

2 Likes