@sn0w but distro is just a set of repositories... if you make a multi-distro package manager, what you're actually making is a distro
@sn0w there's so much wrong in that thread I don't even know where to start...
i mean it basically solves what appimage/snap/flatpak are trying to do, but in better, optionally customizable, without ignoring the system packages, and updatable
@sn0w ok, so literally like aur, just build scripts, automating the process of building from source on end user's machine?
Well, let's look at a random pkgbuild
https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=timeshift
- dependencies - the exact names of packages listed there are distro-specific
- post-install hook - if you look inside that script, it assumes systemd
- prepare - patches the makefile, possibly in distro-specific / gcc-version-specific way though maybe not in this case
- package - puts glue-files in distro-specific paths
So you'd need to have a separate one for every distro-family at least.
@sn0w maybe a better idea would be to have a set of separate AURs, one for every distro, with a common search website or sth.
@wolf480pl @sn0w makedeb on #Debian has attempted to be a bridge similar to this.
https://makedeb.hunterwittenborn.com/ https://mpr.hunterwittenborn.com/
- replies
- 0
- announces
- 0
- likes
- 0
> do you really think it would be a bad thing to have an AUR everyone can use?
It's called pkgsrc.
@sn0w @lanodan @wolf480pl Having a reasonably high entry bar sounds like a good thing for this kind of project. The AUR is a horrible mess, and I still remember a package casually running rm -rf /usr. Imagine how often something would be done wrong if every idiot could contribute.
Additionally, version control is generally a good thing. If something happens to break, you can revert to a known-working version. If it has something like git branches, you can leverage this to also work with multiple release channels.
And mailing lists are a great tool for discussion, too. It’s free (as in freedom), and highly accessible. Additionally, not being owned by a big corpo gives it a better guarantee to stay open, and to have the history in a highly portable format.
it has the same security requirements as downloading and running some random exe on windows: the user needs to think before hitting enter and trust the source, which isn't really a bad thing imo given that this is a package manager exclusively for end-user non-system stuff, ideally as decentral as possible with a self-hosted repo for every software vendor/author
if sublime text decides to steal my .ssh folder that's on me for trusting them to not do shady stuff, and it doesn't matter if it got installed through a package, tar.gz, curl | bash, or whatever
@sn0w @wolf480pl @lanodan If it has no security whatsoever, I don’t think this has any value. I don’t want GNU+Linux to be just as bad as Windows.
As for software were I have a lack of trust… it just makes me wish things like actual video game consoles (ie. NES; not some PC-incompatible) would still exists.
I currently just stash them in a chroot or with at least run them as a different user.