Hacker News new | ask | show | jobs
by adhesive_wombat 1547 days ago
I installed Ubuntu a few weeks ago at work because most people use it and there is some existing infrastructure around it (mostly for the target platforms, but could also be for dev machines).

I have to say that coming from Arch, it's a very Windowsy experience: lots of software has to be installed by searching for "install XYZ on Ubuntu", and following some instructions that involve scary-looking command lines that mess with cryptographic keys and add repos to my configuration, or, for a real Windows experience, install from a deb and hope you remember where you got it from when it needs an update.

I know the AUR is no more secure than that, but at least if someone makes a bogus package full of evil, it'll be flagged on that platform. If I install whatever from some random third-party repo, how will I ever know if it's gone bad?

Also, PKGBUILDs are just so easy.
3 comments
tapia 1547 days ago
I also come from Archlinux. A few months ago I discovered the mpr repository [1]. It is essentially the same as the AUR bit for Ubuntu. The syntax is also the same as the AUR packages, so it is super easy to port a package to Ubuntu. I highly recommend it.

[1] http://mpr.hunterwittenborn.com/

link
rlpb 1547 days ago
> lots of software has to be installed by searching for "install XYZ on Ubuntu", and following some instructions that involve scary-looking command lines that mess with cryptographic keys and add repos to my configuration, or, for a real Windows experience, install from a deb and hope you remember where you got it from when it needs an update.

Ironically this is exactly the problem that snaps solve; what you describe is exactly why others complain about it.

link
sreevisakh 1547 days ago
Snap wouldn't be facing such a big backlash if it solved those problems without adding a whole lot of others. Even worse, they completely ignore better alternatives that exist.
link
haunter 1547 days ago
>very Windowsy experience

>scary-looking command lines that mess with cryptographic keys

>for a real Windows experience, install from a deb and hope you remember where you got it from when it needs an update

Yeah I guess you didn't use Windows recently cause that never happens there

link
adhesive_wombat 1547 days ago
Googling for an exe or msi installer is fundamentally the same thing. Unless it's in the Windows Store, which it probably isn't.

Once installed, unless it has it's own phone-home for updates, you won't know if it's out of date.

link
sph 1547 days ago
To be fair googling for an exe is even worse. At least the weird apt incantations can be easily audited and understood by a proficient user, whereas on Windows you're running a binary downloaded from the Internet that you know is going to ask for superadmin permission to do its thing.
link
adhesive_wombat 1547 days ago
A third-party repo is the same: it's also an "Internet binary".

The AUR is slightly different in that (usually, there are some binary packages) you could in principle check the sources and build process before building it right there and then installing to the system with elevated privileges.

link