I’m a little bit underwhelmed, I thought that based off the fact so many people seem to make using this distro their personality I expected… well, more I guess?
Once the basic stuff is set-up, like wifi, a few basic packages, a desktop environment/window manager, and a bit of desktop environment and terminal customisation, then that’s it. Nothing special, just a Linux distribution with less default programs and occasionally having to look up how to install a hardware driver or something if you need to use bluetooth for the first time or something like that.
Am I missing something? How can I make using Arch Linux my personality when once it’s set up it’s just like any other computer?
What exactly is it that people obsess over? The desktop environment and terminal customisation? Setting up NetworkManager with nmcli? Using Vim to edit a .conf file?
That is, you admit that most aur users delegate that function to other eyes instead of auditing the external code they are installing. A user repository outside of the official distribution repository is not a secure means of installing packages on the system, which may have root access to the system and the source code may change with each package update. Do you think that every time there is an update to a package that is not widely used, others will audit the source code for you? For that reason I stopped using Aur and by extension Arch, as their software catalog outside of aur is small.
Your comparison was with random exes on the most targeted, malware infested operating system out there.
Many eyes are always better than no eyes. I’m not saying you shouldn’t vet the code stop misinterpreting but no one knows or catches everything by themselves. That’s why security needs transparency. If it’s as insecure as you’re saying we would have way bigger problems but we don’t. AUR is not as safe as the Arch repository sure, but definitely safer than installing random exes on Windows. It’s a flawed comparison you’re making.
If you’re paranoid you should be on an immutable distro cause xz backdoor was in some official repos. Repo maintainers do not catch everything either it was just a mere coincidence someone caught it(again thanks to transparency & many eyes on code) before mass deployment. Installing anything with root access is a risk. Going online is a risk. But there are ways to mitigate risk. Some security you’re always gonna have to trade for convenience.