You mean… zero scrutiny? 🙂 The big advantage of AUR is that there’s only one of it but that’s about it.
The PPA model is fundamentally broken. As soon as you replace a core package from a PPA (which happens silently if it’s a dependency) you can kiss upgradeability goodbye. By the time the next Ubuntu release rolls out you’ll be in dependency hell and won’t be able to upgrade cleanly.
It’s basically a privately hosted repo with a very small set of programs/libraries. PPA is a Personal Package Archive.
If you run Ubuntu (or most Debian derivatives) you can add a PPA as an extra repo and the version of software in that repo will usually be newer than the versions maintained by the distro (or even not present in the distro).
It’s not quite like the AUR - the AUR is a central public repo that people submit their packages to. Each PPA is a privately run and maintained repo with their packages in.
It is used by some projects to officially distribute their software but it is also something of a potential security nightmare.
What’s a PPA?
Basically Ubuntu’s version of the AUR.
Except they can be hosted by the person/company making the software. This always seemed more trustworthy than AUR to me.
Of course there are also community PPAs that would need the same scrutiny as AUR packages.
You mean… zero scrutiny? 🙂 The big advantage of AUR is that there’s only one of it but that’s about it.
The PPA model is fundamentally broken. As soon as you replace a core package from a PPA (which happens silently if it’s a dependency) you can kiss upgradeability goodbye. By the time the next Ubuntu release rolls out you’ll be in dependency hell and won’t be able to upgrade cleanly.
PPA:s are specifically hosted by Canonical, no? Otherwise it’s just a normal repo.
Wait, being hosted by anyone makes it more secure?
Jeez, I’m glad I’m not new to the internet and backwards rhetoric like yours just falls by the wayside because I’m so used to it.
I just don’t expect more from you people at this point 🤣
It’s basically a privately hosted repo with a very small set of programs/libraries. PPA is a Personal Package Archive.
If you run Ubuntu (or most Debian derivatives) you can add a PPA as an extra repo and the version of software in that repo will usually be newer than the versions maintained by the distro (or even not present in the distro).
It’s not quite like the AUR - the AUR is a central public repo that people submit their packages to. Each PPA is a privately run and maintained repo with their packages in.
It is used by some projects to officially distribute their software but it is also something of a potential security nightmare.
Ubuntu’ AUR (don’t try to use it in Debian tho).
Hopefully nothing but a bad memory in the future.