The Chaotic AUR is used by Garuda, with a very popular distro using it, it makes sense that the packages are curated and made to be sure the packages install correctly
This is a very risky repo since you can't verify a compiled package. You should also inform us about security issues with external repo and how to make sure they are trusted
Kind of a weird choice of packages to showcase and frankly to be included in the repo. Both brave and paru have -bin releases on the aur and are well maintained.
Excuse my ignorance, but is already compiled binary for whatever system (I assume base arch) always compatible with the arch-based distro variants? Like ... I don't know... mesa-git pre compiled binary kind of depends on very specific llvm it was built with? So you can't just drop in whatever binary to another system with totally different llvm?? Am I missing something?
Been running Arch, can confirm that it's fantastic with the combo of Chaotic AUR and Steam/Proton. 99% of my 400+ games run and it also does some video/audio/web/basic other stuff on the side. Zero reason to think about Windows again at this point. The reason, IME, to use Chaotic is because of the tools you need to keep up to date if you stream or do stuff online. But, yes, you have to choose wisely and do some research. Don't hit that update all and then wonder why it broke - and WHICH of the 50 things you installed at once did it. One at a time, just the stuff you must update. Though, to be fair, we did also have to do this all the time with Windows. KB hell was a real thing.
i used garuda as my first distro and chaotic aur is all i have ever used on arch lol, currently i went to fedora do to not breakages and just needing my comp to work "work is terrible atm and i lost most my tinker fun time"
1:30 On a decent machine it takes around 30-40 minutes (I've had this experience recently on a Gentoo VM with half of my CPU cores and RAM allocated to it), you're probably thinking of Chromium.
Yes! This what I wanted. I have always been tired of even compiling as small as a font and taking it several minutes to compile, taking my resources and then generating a lot of bloat such as dependencies and source files. I absolutely hated doing that, but if this is as same as installing a package from pacman, I would be really interested in trying to. Thanks for showing this to us. But I wonder how often are the packages updated?
If the Chaotic AUR mainly packages the more popular pieces of software, I guess I’m not understanding what the benefit is over the regular Arch repos, since they also include binaries for all the most popular software.
How secure is it? I understand of course AUR has safety issues, but I am talking safety problems over AUR. How do we know the Chaotic AUR platform will not participate in any sort of mass attack?
Has less to do with laziness and more with precious time. Often you need something right this instant to get work done and if it's not in the repos that means compiling, and even more compiling if it's a large gui app with additional toolkits that also need compiling. And then you'll need to recompile for every new release or git commit if there's only a -git package. I just don't see the point if somebody as large as Chaotic have proven themselves.
aur is already a security nightmare, i review everything before installing it. not gonna run some randos binary version of aur packages. with all due respect dt, this video as an L 😢
It is absolutely illusoric to review even a single package before installation unless it is extremely small. So actually, such policies really increase security - it keeps the count of installed package low (or better say "less high"), thus reducing attack surface 😂.
Sure, but one wouldn't install a chaotic AUR package in a production system, and that's probably the largest piece of users attackers are interested in, enterprise ones
I’ve had to abandon all forms of Arch Linux on my computers. Every version of Arch on any of my computers always devolves into broken keyrings at some point. Yes I’ve tried the key --init things. Always get (invalid or corrupted package (PGP signature)). Only happens with Arch.
@@RarefiedError I remember having a problem with this a few times a while back 😅. I think I deleted the PGP key with pacman-key --delete (key) and then pacman-key --populate archlinux and it fixd my issues. hopefully it helps
Problem with this is: security. At least the repositories from Distros are well maintained and free of malware. In other repos like this you never know what you’re installing.
@@mzakyr342 Did you ever hear the tragedy of Debian Plagueis The Wise? I thought not. It's not a story the Archers would tell you. It's a Debian legend.
@@gustavojoaquin_arch Actually, Chaotic's biggest security flaw is AUR. Orphaned packages can lead to disasters. The infra meanwhile is in GH for easy auditing. [tried to post more complex answers, but this platform won't allow it]
Tried chaotic AUR and my updates were found to be corrupt. Used Pacui and it snagged a .deb update and compiled and installed no problem. WARNING kid gloves should NOT use Pacui.
...or just use Debian, where you don't have to frequently resort to some third party user-maintained repositories that can reduce the stability and integrity of the system as a whole.
The Chaotic AUR is used by Garuda, with a very popular distro using it, it makes sense that the packages are curated and made to be sure the packages install correctly
This is a very risky repo since you can't verify a compiled package. You should also inform us about security issues with external repo and how to make sure they are trusted
Kind of a weird choice of packages to showcase and frankly to be included in the repo. Both brave and paru have -bin releases on the aur and are well maintained.
Yes but I hate AUR helpers because they still have to do stuff to install the bin package and they generate bloat such as source files.
At least on Manjaro, brave is in the distribution's extra repository under 'brave-browser' so even then, aur not needed.
@@TuxikCEyou can tell paru to do autoclean with paru.conf
One of the things which help make Garuda Linux a great distro for Arch beginners. I first learned about the chaotic AUR on that distro.
I learned about it in Arcolinux. This repository (among others) are easily installed with Arco's Tweak Tool.
The first thing I do when I install any Arch based distro. Thanks to the Garuda team.
Excuse my ignorance, but is already compiled binary for whatever system (I assume base arch) always compatible with the arch-based distro variants? Like ... I don't know... mesa-git pre compiled binary kind of depends on very specific llvm it was built with? So you can't just drop in whatever binary to another system with totally different llvm?? Am I missing something?
Go to google translate, select detect language, type AUR and translate to English. Gold!
Been running Arch, can confirm that it's fantastic with the combo of Chaotic AUR and Steam/Proton. 99% of my 400+ games run and it also does some video/audio/web/basic other stuff on the side. Zero reason to think about Windows again at this point. The reason, IME, to use Chaotic is because of the tools you need to keep up to date if you stream or do stuff online.
But, yes, you have to choose wisely and do some research. Don't hit that update all and then wonder why it broke - and WHICH of the 50 things you installed at once did it. One at a time, just the stuff you must update. Though, to be fair, we did also have to do this all the time with Windows. KB hell was a real thing.
hey dt i lovedd your videos on doom, you should def do some more!
Also. Arch tweak tool (at least in Arcolinux) allows you to add chaotic AUR by toggle switch.
i used garuda as my first distro and chaotic aur is all i have ever used on arch lol, currently i went to fedora do to not breakages and just needing my comp to work "work is terrible atm and i lost most my tinker fun time"
1:30 On a decent machine it takes around 30-40 minutes (I've had this experience recently on a Gentoo VM with half of my CPU cores and RAM allocated to it), you're probably thinking of Chromium.
ty DT, never knew about chaotic
but popular bin packeges are available in AUR, like ungoogled chrome bin
Yes! This what I wanted. I have always been tired of even compiling as small as a font and taking it several minutes to compile, taking my resources and then generating a lot of bloat such as dependencies and source files. I absolutely hated doing that, but if this is as same as installing a package from pacman, I would be really interested in trying to. Thanks for showing this to us.
But I wonder how often are the packages updated?
Used it on Garuda 👌, but over time found I needed it less and less on Arch to the point where I no longer use it.
If the Chaotic AUR mainly packages the more popular pieces of software, I guess I’m not understanding what the benefit is over the regular Arch repos, since they also include binaries for all the most popular software.
Interesting, didn't know it. Thanks!
How secure is it? I understand of course AUR has safety issues, but I am talking safety problems over AUR. How do we know the Chaotic AUR platform will not participate in any sort of mass attack?
Interesting! didn't know about that. I'll give it a try. Thanks!
Thanks, DT
i mean i use gentoo before, i don't like compiling llvm or gcc
I love the Chaotic AUR and I'm on Garuda aswell. This can't beat the Chaotic AUR. It's FAR superior than ANY other!!!
Has less to do with laziness and more with precious time. Often you need something right this instant to get work done and if it's not in the repos that means compiling, and even more compiling if it's a large gui app with additional toolkits that also need compiling. And then you'll need to recompile for every new release or git commit if there's only a -git package.
I just don't see the point if somebody as large as Chaotic have proven themselves.
I am using chaotic-aur from last 2 years.
aur is already a security nightmare, i review everything before installing it. not gonna run some randos binary version of aur packages. with all due respect dt, this video as an L 😢
with all due respect, I think I want to rizz you up
@@occultsupportskibidi toilet ohio rizz
@@BunnyKhatri-pd8zm lmao youtube is giving me the "Translate to English" option
It is absolutely illusoric to review even a single package before installation unless it is extremely small. So actually, such policies really increase security - it keeps the count of installed package low (or better say "less high"), thus reducing attack surface 😂.
Sure, but one wouldn't install a chaotic AUR package in a production system, and that's probably the largest piece of users attackers are interested in, enterprise ones
dt you have a mistake in the description
I’ve had to abandon all forms of Arch Linux on my computers. Every version of Arch on any of my computers always devolves into broken keyrings at some point. Yes I’ve tried the key --init things. Always get (invalid or corrupted package (PGP signature)). Only happens with Arch.
pacman -Sy archlinux-keyring?
@@_dev_null_ been there done that, still broken , always broken
@@RarefiedError I remember having a problem with this a few times a while back 😅. I think I deleted the PGP key with pacman-key --delete (key) and then pacman-key --populate archlinux and it fixd my issues. hopefully it helps
@@_dev_null_ doesn't help me any, I switched to debian/sid a while back, havent regretted i yet
Problem with this is: security. At least the repositories from Distros are well maintained and free of malware. In other repos like this you never know what you’re installing.
I prefer to supercharge Arch by installing Debian.
how? please
@@mzakyr342 Did you ever hear the tragedy of Debian Plagueis The Wise? I thought not. It's not a story the Archers would tell you. It's a Debian legend.
@@ordinarryalien wait why does it look like a star wars reference
Ah Debian love having to wait 2 years for a buggy packages to get updated.
@@RealShadowreaper -Live long- use Debian Sid and prosper. 🖖
Time to compare Arch performance to CachyOS on the same hardware!!! 👀
recently came across chaotic nyx which is awesome :)
Is it safe ? How can i trust it ?
I don't think it's safe, aur is still better
@@gustavojoaquin_arch Actually, Chaotic's biggest security flaw is AUR. Orphaned packages can lead to disasters. The infra meanwhile is in GH for easy auditing.
[tried to post more complex answers, but this platform won't allow it]
You trust the AUR?
Thank you DT ( comment to please the YT algorithm....)
firefox takes only ~1h to compile on my laptop with R7 5800H and 4 jobs. As I write this comment I am just compiling it. (gentoo)
I hope you commented using the links command.
Jesus
most sane gentoo user
Mistake in the description. It should be "arch linux" instead of "arch linxu".
I think we all understand why they named the command "pacman-key" instead of "packey"
Thanks :)) It's great. :)
Oh cool. Just installed makemkv with it.
I'm lazy too, I get you don't want to manually compile the source package.
So I don't have to waste time , it took like 30 mins to install wine with yay
wine is in the arch repos, just install with pacman
Can't wait to install my nVidia drivers from chaotic-aur to have them heat my home. I mean, AUR is sketchy enough...
Tried chaotic AUR and my updates were found to be corrupt. Used Pacui and it snagged a .deb update and compiled and installed no problem. WARNING kid gloves should NOT use Pacui.
I prefer the cachyos repo
Lin Sux, for people who like to fiddle with their OS the whole day, instead of getting stuff done.
We all use arch to say "I use arch btw"
Agree to Disagree.
...or just use Debian, where you don't have to frequently resort to some third party user-maintained repositories that can reduce the stability and integrity of the system as a whole.
Prebuilt binaries?
I'll pass
Saludos buen video 📸📸
Arch is poor man's Gentoo.
It might be cool... but it has a bunch of security issues, no thanks
I run an arch distro for hyprland. We are not the same.
yay brave
I recommend staying away from the AUR because it's not secure and most packages are out of date or broken.
Then don't install outdated or Broken packages 🤷As a developer I have lots kf packages and all of them work fine.
"most packages are out of date or broken" 🤣🤣🤣
What stuff are you on? I want some of that 😅
Umm, what?
You should know better than this
No thanks!
nope. I run Arch for Wayland + Hyprland