• giloronfoo@beehaw.org
        link
        fedilink
        arrow-up
        9
        arrow-down
        2
        ·
        9 months ago

        Except they can be hosted by the person/company making the software. This always seemed more trustworthy than AUR to me.

        Of course there are also community PPAs that would need the same scrutiny as AUR packages.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          5
          ·
          9 months ago

          You mean… zero scrutiny? 🙂 The big advantage of AUR is that there’s only one of it but that’s about it.

          The PPA model is fundamentally broken. As soon as you replace a core package from a PPA (which happens silently if it’s a dependency) you can kiss upgradeability goodbye. By the time the next Ubuntu release rolls out you’ll be in dependency hell and won’t be able to upgrade cleanly.

        • eardon
          link
          fedilink
          arrow-up
          1
          arrow-down
          3
          ·
          edit-2
          9 months ago

          Wait, being hosted by anyone makes it more secure?

          Jeez, I’m glad I’m not new to the internet and backwards rhetoric like yours just falls by the wayside because I’m so used to it.

          I just don’t expect more from you people at this point 🤣

    • BananaTrifleViolin@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      ·
      edit-2
      9 months ago

      It’s basically a privately hosted repo with a very small set of programs/libraries. PPA is a Personal Package Archive.

      If you run Ubuntu (or most Debian derivatives) you can add a PPA as an extra repo and the version of software in that repo will usually be newer than the versions maintained by the distro (or even not present in the distro).

      It’s not quite like the AUR - the AUR is a central public repo that people submit their packages to. Each PPA is a privately run and maintained repo with their packages in.

      It is used by some projects to officially distribute their software but it is also something of a potential security nightmare.

    • eardon
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      9 months ago

      Hopefully nothing but a bad memory in the future.