I suspect Mint might just not have anything like the AUR.
AUR stands for Arch User Repository, and it’s a place where anybody can create a package. But those packages aren’t going into a regular repository, instead they’re kept as build scripts, simple code that describes how to make a package.
This is useful for two reasons - it allows users to share packages that aren’t making it into the official repositories (because not everything will, there’s just too much stuff out there), but it can also have things which can’t go into the repos due to licensing (because the AUR doesn’t distribute the software, just instructions on how to automatically get it)
There’s no official utility to install packages from the AUR - you have to find a package you want on the site, clone the repository, and run makepkg to build and install it. And for updates you have to pull changes and rebuild it manually. And you’re supposed to check yourself to make sure what you’re installing is safe. But there are popular unofficial utilities that are intended to replace Arch’s built-in package management, automatically finding packages both in the trusted repositories and the untrusted AUR, with no separation.
Well, yes and no. If you’re using any graphical utility to install software, you’re already using something similar, since the actual package manager in a distro is usually a commandline utility, and you’re using a wrapper around it. Those unofficial package managers don’t actually mess with your system files (at least for the most part), they just look at package lists, dependencies, and automatically build AUR packages as necessary before handing everything off to the actual package manager.
The scary bit isn’t the package manager being unofficial, it’s how it puts untrusted packages on the same level as trusted packages, letting you install it unknowingly.
As of the latest dumpster fires over there, they’re wanting to hide it nowadays!
Dumpster fires? Do you mean the untrusted repository of user-submitted build scripts getting malicious user-submitted content? :P
Keep your official packages and AUR separate, if nothing else at least don’t pull from both sources with the same command
I don’t know how Arch works as a Minter here. That’s good that there’s a separation line… Not sure if Mint’s Software Mgr has that…
I suspect Mint might just not have anything like the AUR.
AUR stands for Arch User Repository, and it’s a place where anybody can create a package. But those packages aren’t going into a regular repository, instead they’re kept as build scripts, simple code that describes how to make a package.
This is useful for two reasons - it allows users to share packages that aren’t making it into the official repositories (because not everything will, there’s just too much stuff out there), but it can also have things which can’t go into the repos due to licensing (because the AUR doesn’t distribute the software, just instructions on how to automatically get it)
There’s no official utility to install packages from the AUR - you have to find a package you want on the site, clone the repository, and run
makepkgto build and install it. And for updates you have to pull changes and rebuild it manually. And you’re supposed to check yourself to make sure what you’re installing is safe. But there are popular unofficial utilities that are intended to replace Arch’s built-in package management, automatically finding packages both in the trusted repositories and the untrusted AUR, with no separation.Oh, so it’s like a second, unofficial Software Manager. That sounds scary.
Well, yes and no. If you’re using any graphical utility to install software, you’re already using something similar, since the actual package manager in a distro is usually a commandline utility, and you’re using a wrapper around it. Those unofficial package managers don’t actually mess with your system files (at least for the most part), they just look at package lists, dependencies, and automatically build AUR packages as necessary before handing everything off to the actual package manager.
The scary bit isn’t the package manager being unofficial, it’s how it puts untrusted packages on the same level as trusted packages, letting you install it unknowingly.