Of course the secondary opt-in user repo with unvetted package maintainers is infected with malware, it’d be a miracle if it weren’t! They warn as much in the docs. Use at your own risk, or package and maintain it yourself, because you’re likely not finding it packaged more reliably elsewhere.
And I love Debian, but if you think the Debian repos with 30,000+ packages and 1000+ community maintainers aren’t also infected with malware…
There hasn’t been a single reported incident so far. So, as far as we know… No. They aren’t infected.
And I trust the community of elders that take care of the Debian distro. They have been reliable and solid. They don’t just throw anything at the users on Stable. Even Testing is considered safer than most distributions.
It’s stable, it has a HUGE software repo (one of the largest ones if I’m not mistaken), third party software and drivers are almost always available as a Debian package, the community behind it is actually serious about making it safe and problem free. So what if some of the software is not bleeding edge? At least I can rest easy when I’m updating my system. I’ll almost never have any bad surprises like you get in Arch.
Arch just takes whatever the latest software is and throws it in the repos for the users to figure out if it breaks. Half the solutions you find in the wiki are half-baked solutions just to make things work, but are often not standard or even secure, leaving your system with security holes.
What makes this a fair argument? Debian not having an AUR analogue? It’s a shit response from someone who couldn’t even be bothered to look up any information on what the AUR is or how it’s supposed to be used. And what exactly is wrong with using debian on a “main pc”? If people want ancient packages with backported security patches they can knock themselves out. It doesn’t fit my requirements, but there’s nothing wrong with it either.
Its rather subjective but it wouldn’t be the first time updating arch has broken my system and its fair that some people don’t want to deal with that and much prefer some more mature.
And i have no qualms with people who do use debian for a main system but i do assume everyone who do are retired folk with a long career in computing behind them and aren’t in the market to change to another.
But that sounds about right. I work in IT and troubleshoot IT problems all day. The last thing I want to do is troubleshoot my PC when I get home. I just want an OS that works. Debian is the best in that regards.
Who is having breaking update issues anymore in 2026? I’ve been running vanilla Arch for 10 years and the only times that has happened (there have been a handful I guess) the archwiki says “hey there’s a breaking change run these 2 commands” and it’s fixed. As a beginner on Linux I actually switched to Arch because every Ubuntu issue I googled was 6 to 10 lines to fix while arch was 1 to 3 lines. The only problem is that the OS expects that you be able to read, which is sometimes tough.
I can’t imagine being on a system that is multiple major releases behind on basic things like nvim and python. I guess if you’re content not to use anything remotely current it makes sense.
Being behind a few releases isn’t that bad, honestly. At least you’re certain it’s going to be well tested and the majority of problems have been ironed out. And there’ll be documentation already on how to fix things or work around certain missing features if that ever occurs. It’s much less of a hassle.
The AUR is not the standard arch package repository and arch as a distro shouldn’t be judged by it’s merits or dangers. Yes, obviously a rolling release distro is not the best fit for most people, but that’s beside the point. Debian is completely fine for people who are looking to replace their windows machine with something stable and don’t need ton of exotic software or especially recent packages.
Not even. The PPAs are created and hosted by very specific maintainers with very specific packages. So you have someone to blame and a single software to clean up if things go wrong. And word spreads fast. Yes, there’s a risk, but you can sort of judge how big of a risk it is.
Meanwhile with AUR, it’s just a giant repo in which anybody can just dump whatever. The risks are huge. If I were on Arch, I wouldn’t touch it for anything. I’d rather compile the source code myself for any software I need instead of getting it there.
Sure, I might have over simplified my comment by simply saying “PPA”, but custom repos on Debian have been a way to circumvent the slow release cycle for a very long time. And everyone here gets the comparison. When adding repos on Debian, you should verify the source just as one might from the AUR. I’d argue because of the slow release cycle, users find themselves looking for solutions to pull in newer software all the time and probably more than Arch. Both solutions are trying to solve the same problem - provide software not available officially - and both can be malicious.
I agree, once a user decides to take the effort to setup their Arch install to use the AUR, it’s much easier just start installing whatever without checking, and unfortunately that’s the price of freedom to having access to so much, so easily and so quickly. Some are pulling binaries, most are pulling git repos and building from source. Either way it’s pretty easy to see what’s going on by taking a quick look at the PKGBUILD and with care, it’s kinda awesome.
People didn’t downvote you because they don’t like Debian or disagree it’s stable. Or even because they are pretending the AUR is not dangerous. They downvoted you because you provided Debian as solution to using Arch in such a naive manner. It sounds like you think the AUR is the official Arch repo where users are getting their OS updates. I’m not going to lie and pretend arch updates haven’t provided me a headache from time to time, but overall it’s fantastic and there are distros of arch that provide a bit more of a buffer if you need it.
I’ve been using Debian since the late 90s. I still use it for all of my servers to this day. I have even used it as a workstation many times over the years. But the thing is, I always find myself adding non official repos, compiling my own kernels / pulling in custom kernels (sometimes) and building specific software from source before I consider it in working order. When you build a new workstation using newly released hardware, running vanilla Debian it can take years to get the point to allow you to use that hardware properly. Even on my servers, running on 4 year old hardware, I have a laundry list of “fixes” to get it where I need it to be. Just shell out thousands for a brand new gaming rig? It can be done, you can tweak a Debian vanilla install into a gaming powerhouse, getting a lot of the latest bells and whistles, but it takes effort and knowledge to do so. Desktop Linux is having a moment and it’s not a coincidence that valve switched from Debian to Arch.
We have multiple distros for a reason. Snaps flatpaks, app images, launchpad PPAs, and custom repos are all trying to fill that gap. Debian is awesome but not the solution to that specific problem.
I’ve been a Linux user for 26 years. I made distros for hardware manufacturers. I know very well the distinctions between the AUR and the regular Arch repos and the parallel with Debian’s.
With Arch, the problem is that the AUR is available in the first place and is very easy to enable. People, especially new users, won’t necessarily understand what they’re getting into when enabling it and getting packages from there. A lot of the advice people get online suggest to get packages from AUR. So Arch users are bound to use it at some point.
And if you add to that the fact that the standard repo has bleeding edge package versions with minimal testing means that vulnerabilities can also get introduced. And it’s happened before. This affected Arch, OpenSUSE Tumbleweed, Fedora, but you know what distribution wasn’t affected? Debian stable and Ubuntu LTS.
And on top of that, I’m not even going to mention how unstable it is and how even just making updates is risky on Arch. You have to be on your toes all the time and you can end up with a broken system at any time. For a main PC operating system, I find that absolutely unacceptable. At least Manjaro tried to improve on this.
Valve switching to Arch makes sense though. They moved to Arch because they wanted the most up to date software and drivers available with a faster release cycle. Then control what versions they push to their devices. They keep a tight control over what gets updated by curating their own repositories. So it’s not purely Arch either. It’s Arch-based. You can expect software to be a little older on Steam OS.
In any case. For me, Debian is the solution. I’m looking for stability and security. It has a huge repo with practically every software under the sun. There’s tons of documentation and support and a huge community. For me the distribution works OOTB without any hitch. I just know that I won’t spend time troubleshooting something on my time off. I already do a lot of this during work.
Why anyone is using Arch at this point is beyond me.
Every update is a potential failure waiting to happen. And on top of that, their user repos are infected with malware.
Yeah, I’m going to stick with Debian.
Of course the secondary opt-in user repo with unvetted package maintainers is infected with malware, it’d be a miracle if it weren’t! They warn as much in the docs. Use at your own risk, or package and maintain it yourself, because you’re likely not finding it packaged more reliably elsewhere.
And I love Debian, but if you think the Debian repos with 30,000+ packages and 1000+ community maintainers aren’t also infected with malware…
There hasn’t been a single reported incident so far. So, as far as we know… No. They aren’t infected.
And I trust the community of elders that take care of the Debian distro. They have been reliable and solid. They don’t just throw anything at the users on Stable. Even Testing is considered safer than most distributions.
Being critical towards operating system: Great
Actual argument: fair
Solution: oof
Debian is by all means great, for many things, but for a main pc? Shivers
Why shivers ?
It’s stable, it has a HUGE software repo (one of the largest ones if I’m not mistaken), third party software and drivers are almost always available as a Debian package, the community behind it is actually serious about making it safe and problem free. So what if some of the software is not bleeding edge? At least I can rest easy when I’m updating my system. I’ll almost never have any bad surprises like you get in Arch.
Arch just takes whatever the latest software is and throws it in the repos for the users to figure out if it breaks. Half the solutions you find in the wiki are half-baked solutions just to make things work, but are often not standard or even secure, leaving your system with security holes.
What makes this a fair argument? Debian not having an AUR analogue? It’s a shit response from someone who couldn’t even be bothered to look up any information on what the AUR is or how it’s supposed to be used. And what exactly is wrong with using debian on a “main pc”? If people want ancient packages with backported security patches they can knock themselves out. It doesn’t fit my requirements, but there’s nothing wrong with it either.
Its rather subjective but it wouldn’t be the first time updating arch has broken my system and its fair that some people don’t want to deal with that and much prefer some more mature.
And i have no qualms with people who do use debian for a main system but i do assume everyone who do are retired folk with a long career in computing behind them and aren’t in the market to change to another.
LOL! I’m not THAT old hahahahaha!
But that sounds about right. I work in IT and troubleshoot IT problems all day. The last thing I want to do is troubleshoot my PC when I get home. I just want an OS that works. Debian is the best in that regards.
Who is having breaking update issues anymore in 2026? I’ve been running vanilla Arch for 10 years and the only times that has happened (there have been a handful I guess) the archwiki says “hey there’s a breaking change run these 2 commands” and it’s fixed. As a beginner on Linux I actually switched to Arch because every Ubuntu issue I googled was 6 to 10 lines to fix while arch was 1 to 3 lines. The only problem is that the OS expects that you be able to read, which is sometimes tough.
I can’t imagine being on a system that is multiple major releases behind on basic things like nvim and python. I guess if you’re content not to use anything remotely current it makes sense.
Being behind a few releases isn’t that bad, honestly. At least you’re certain it’s going to be well tested and the majority of problems have been ironed out. And there’ll be documentation already on how to fix things or work around certain missing features if that ever occurs. It’s much less of a hassle.
The AUR is not the standard arch package repository and arch as a distro shouldn’t be judged by it’s merits or dangers. Yes, obviously a rolling release distro is not the best fit for most people, but that’s beside the point. Debian is completely fine for people who are looking to replace their windows machine with something stable and don’t need ton of exotic software or especially recent packages.
@webghost0101 @ZombieCyborgFromOuterSpace You are weird.
I wouldn’t want to be perceived in any other way.
Installing from the AUR on arch is nearly the equivalent of an install from a PPA on Debian.
Not even. The PPAs are created and hosted by very specific maintainers with very specific packages. So you have someone to blame and a single software to clean up if things go wrong. And word spreads fast. Yes, there’s a risk, but you can sort of judge how big of a risk it is.
Meanwhile with AUR, it’s just a giant repo in which anybody can just dump whatever. The risks are huge. If I were on Arch, I wouldn’t touch it for anything. I’d rather compile the source code myself for any software I need instead of getting it there.
Sure, I might have over simplified my comment by simply saying “PPA”, but custom repos on Debian have been a way to circumvent the slow release cycle for a very long time. And everyone here gets the comparison. When adding repos on Debian, you should verify the source just as one might from the AUR. I’d argue because of the slow release cycle, users find themselves looking for solutions to pull in newer software all the time and probably more than Arch. Both solutions are trying to solve the same problem - provide software not available officially - and both can be malicious.
I agree, once a user decides to take the effort to setup their Arch install to use the AUR, it’s much easier just start installing whatever without checking, and unfortunately that’s the price of freedom to having access to so much, so easily and so quickly. Some are pulling binaries, most are pulling git repos and building from source. Either way it’s pretty easy to see what’s going on by taking a quick look at the PKGBUILD and with care, it’s kinda awesome.
People didn’t downvote you because they don’t like Debian or disagree it’s stable. Or even because they are pretending the AUR is not dangerous. They downvoted you because you provided Debian as solution to using Arch in such a naive manner. It sounds like you think the AUR is the official Arch repo where users are getting their OS updates. I’m not going to lie and pretend arch updates haven’t provided me a headache from time to time, but overall it’s fantastic and there are distros of arch that provide a bit more of a buffer if you need it.
I’ve been using Debian since the late 90s. I still use it for all of my servers to this day. I have even used it as a workstation many times over the years. But the thing is, I always find myself adding non official repos, compiling my own kernels / pulling in custom kernels (sometimes) and building specific software from source before I consider it in working order. When you build a new workstation using newly released hardware, running vanilla Debian it can take years to get the point to allow you to use that hardware properly. Even on my servers, running on 4 year old hardware, I have a laundry list of “fixes” to get it where I need it to be. Just shell out thousands for a brand new gaming rig? It can be done, you can tweak a Debian vanilla install into a gaming powerhouse, getting a lot of the latest bells and whistles, but it takes effort and knowledge to do so. Desktop Linux is having a moment and it’s not a coincidence that valve switched from Debian to Arch.
We have multiple distros for a reason. Snaps flatpaks, app images, launchpad PPAs, and custom repos are all trying to fill that gap. Debian is awesome but not the solution to that specific problem.
I’ve been a Linux user for 26 years. I made distros for hardware manufacturers. I know very well the distinctions between the AUR and the regular Arch repos and the parallel with Debian’s.
With Arch, the problem is that the AUR is available in the first place and is very easy to enable. People, especially new users, won’t necessarily understand what they’re getting into when enabling it and getting packages from there. A lot of the advice people get online suggest to get packages from AUR. So Arch users are bound to use it at some point.
And if you add to that the fact that the standard repo has bleeding edge package versions with minimal testing means that vulnerabilities can also get introduced. And it’s happened before. This affected Arch, OpenSUSE Tumbleweed, Fedora, but you know what distribution wasn’t affected? Debian stable and Ubuntu LTS.
And on top of that, I’m not even going to mention how unstable it is and how even just making updates is risky on Arch. You have to be on your toes all the time and you can end up with a broken system at any time. For a main PC operating system, I find that absolutely unacceptable. At least Manjaro tried to improve on this.
Valve switching to Arch makes sense though. They moved to Arch because they wanted the most up to date software and drivers available with a faster release cycle. Then control what versions they push to their devices. They keep a tight control over what gets updated by curating their own repositories. So it’s not purely Arch either. It’s Arch-based. You can expect software to be a little older on Steam OS.
In any case. For me, Debian is the solution. I’m looking for stability and security. It has a huge repo with practically every software under the sun. There’s tons of documentation and support and a huge community. For me the distribution works OOTB without any hitch. I just know that I won’t spend time troubleshooting something on my time off. I already do a lot of this during work.