The Chaotic AUR is used by Garuda, with a very popular distro using it, it makes sense that the packages are curated and made to be sure the packages install correctly
This is a very risky repo since you can't verify a compiled package. You should also inform us about security issues with external repo and how to make sure they are trusted
Kind of a weird choice of packages to showcase and frankly to be included in the repo. Both brave and paru have -bin releases on the aur and are well maintained.
Been running Arch, can confirm that it's fantastic with the combo of Chaotic AUR and Steam/Proton. 99% of my 400+ games run and it also does some video/audio/web/basic other stuff on the side. Zero reason to think about Windows again at this point. The reason, IME, to use Chaotic is because of the tools you need to keep up to date if you stream or do stuff online. But, yes, you have to choose wisely and do some research. Don't hit that update all and then wonder why it broke - and WHICH of the 50 things you installed at once did it. One at a time, just the stuff you must update. Though, to be fair, we did also have to do this all the time with Windows. KB hell was a real thing.
Excuse my ignorance, but is already compiled binary for whatever system (I assume base arch) always compatible with the arch-based distro variants? Like ... I don't know... mesa-git pre compiled binary kind of depends on very specific llvm it was built with? So you can't just drop in whatever binary to another system with totally different llvm?? Am I missing something?
i used garuda as my first distro and chaotic aur is all i have ever used on arch lol, currently i went to fedora do to not breakages and just needing my comp to work "work is terrible atm and i lost most my tinker fun time"
1:30 On a decent machine it takes around 30-40 minutes (I've had this experience recently on a Gentoo VM with half of my CPU cores and RAM allocated to it), you're probably thinking of Chromium.
Yes! This what I wanted. I have always been tired of even compiling as small as a font and taking it several minutes to compile, taking my resources and then generating a lot of bloat such as dependencies and source files. I absolutely hated doing that, but if this is as same as installing a package from pacman, I would be really interested in trying to. Thanks for showing this to us. But I wonder how often are the packages updated?
If the Chaotic AUR mainly packages the more popular pieces of software, I guess I’m not understanding what the benefit is over the regular Arch repos, since they also include binaries for all the most popular software.
@@gustavojoaquin_arch Actually, Chaotic's biggest security flaw is AUR. Orphaned packages can lead to disasters. The infra meanwhile is in GH for easy auditing. [tried to post more complex answers, but this platform won't allow it]
How secure is it? I understand of course AUR has safety issues, but I am talking safety problems over AUR. How do we know the Chaotic AUR platform will not participate in any sort of mass attack?
@@mzakyr342 Did you ever hear the tragedy of Debian Plagueis The Wise? I thought not. It's not a story the Archers would tell you. It's a Debian legend.
I’ve had to abandon all forms of Arch Linux on my computers. Every version of Arch on any of my computers always devolves into broken keyrings at some point. Yes I’ve tried the key --init things. Always get (invalid or corrupted package (PGP signature)). Only happens with Arch.
@@RarefiedError I remember having a problem with this a few times a while back 😅. I think I deleted the PGP key with pacman-key --delete (key) and then pacman-key --populate archlinux and it fixd my issues. hopefully it helps
aur is already a security nightmare, i review everything before installing it. not gonna run some randos binary version of aur packages. with all due respect dt, this video as an L 😢
It is absolutely illusoric to review even a single package before installation unless it is extremely small. So actually, such policies really increase security - it keeps the count of installed package low (or better say "less high"), thus reducing attack surface 😂.
Sure, but one wouldn't install a chaotic AUR package in a production system, and that's probably the largest piece of users attackers are interested in, enterprise ones
Problem with this is: security. At least the repositories from Distros are well maintained and free of malware. In other repos like this you never know what you’re installing.
Has less to do with laziness and more with precious time. Often you need something right this instant to get work done and if it's not in the repos that means compiling, and even more compiling if it's a large gui app with additional toolkits that also need compiling. And then you'll need to recompile for every new release or git commit if there's only a -git package. I just don't see the point if somebody as large as Chaotic have proven themselves.
Tried chaotic AUR and my updates were found to be corrupt. Used Pacui and it snagged a .deb update and compiled and installed no problem. WARNING kid gloves should NOT use Pacui.
...or just use Debian, where you don't have to frequently resort to some third party user-maintained repositories that can reduce the stability and integrity of the system as a whole.
The Chaotic AUR is used by Garuda, with a very popular distro using it, it makes sense that the packages are curated and made to be sure the packages install correctly
This is a very risky repo since you can't verify a compiled package. You should also inform us about security issues with external repo and how to make sure they are trusted
Kind of a weird choice of packages to showcase and frankly to be included in the repo. Both brave and paru have -bin releases on the aur and are well maintained.
Yes but I hate AUR helpers because they still have to do stuff to install the bin package and they generate bloat such as source files.
At least on Manjaro, brave is in the distribution's extra repository under 'brave-browser' so even then, aur not needed.
@@TuxikCEyou can tell paru to do autoclean with paru.conf
One of the things which help make Garuda Linux a great distro for Arch beginners. I first learned about the chaotic AUR on that distro.
I learned about it in Arcolinux. This repository (among others) are easily installed with Arco's Tweak Tool.
as always easy to understand, helpful and very detailed
hey dt i lovedd your videos on doom, you should def do some more!
ty DT, never knew about chaotic
The first thing I do when I install any Arch based distro. Thanks to the Garuda team.
Go to google translate, select detect language, type AUR and translate to English. Gold!
Been running Arch, can confirm that it's fantastic with the combo of Chaotic AUR and Steam/Proton. 99% of my 400+ games run and it also does some video/audio/web/basic other stuff on the side. Zero reason to think about Windows again at this point. The reason, IME, to use Chaotic is because of the tools you need to keep up to date if you stream or do stuff online.
But, yes, you have to choose wisely and do some research. Don't hit that update all and then wonder why it broke - and WHICH of the 50 things you installed at once did it. One at a time, just the stuff you must update. Though, to be fair, we did also have to do this all the time with Windows. KB hell was a real thing.
Excuse my ignorance, but is already compiled binary for whatever system (I assume base arch) always compatible with the arch-based distro variants? Like ... I don't know... mesa-git pre compiled binary kind of depends on very specific llvm it was built with? So you can't just drop in whatever binary to another system with totally different llvm?? Am I missing something?
Also. Arch tweak tool (at least in Arcolinux) allows you to add chaotic AUR by toggle switch.
Interesting, didn't know it. Thanks!
Interesting! didn't know about that. I'll give it a try. Thanks!
i used garuda as my first distro and chaotic aur is all i have ever used on arch lol, currently i went to fedora do to not breakages and just needing my comp to work "work is terrible atm and i lost most my tinker fun time"
1:30 On a decent machine it takes around 30-40 minutes (I've had this experience recently on a Gentoo VM with half of my CPU cores and RAM allocated to it), you're probably thinking of Chromium.
but popular bin packeges are available in AUR, like ungoogled chrome bin
Yes! This what I wanted. I have always been tired of even compiling as small as a font and taking it several minutes to compile, taking my resources and then generating a lot of bloat such as dependencies and source files. I absolutely hated doing that, but if this is as same as installing a package from pacman, I would be really interested in trying to. Thanks for showing this to us.
But I wonder how often are the packages updated?
Thanks, DT
Thank you DT ( comment to please the YT algorithm....)
Used it on Garuda 👌, but over time found I needed it less and less on Arch to the point where I no longer use it.
If the Chaotic AUR mainly packages the more popular pieces of software, I guess I’m not understanding what the benefit is over the regular Arch repos, since they also include binaries for all the most popular software.
Thanks :)) It's great. :)
recently came across chaotic nyx which is awesome :)
i mean i use gentoo before, i don't like compiling llvm or gcc
Is it safe ? How can i trust it ?
I don't think it's safe, aur is still better
@@gustavojoaquin_arch Actually, Chaotic's biggest security flaw is AUR. Orphaned packages can lead to disasters. The infra meanwhile is in GH for easy auditing.
[tried to post more complex answers, but this platform won't allow it]
You trust the AUR?
I love the Chaotic AUR and I'm on Garuda aswell. This can't beat the Chaotic AUR. It's FAR superior than ANY other!!!
How secure is it? I understand of course AUR has safety issues, but I am talking safety problems over AUR. How do we know the Chaotic AUR platform will not participate in any sort of mass attack?
I prefer to supercharge Arch by installing Debian.
how? please
@@mzakyr342 Did you ever hear the tragedy of Debian Plagueis The Wise? I thought not. It's not a story the Archers would tell you. It's a Debian legend.
@@ordinarryalien wait why does it look like a star wars reference
Ah Debian love having to wait 2 years for a buggy packages to get updated.
@@RealShadowreaper -Live long- use Debian Sid and prosper. 🖖
I’ve had to abandon all forms of Arch Linux on my computers. Every version of Arch on any of my computers always devolves into broken keyrings at some point. Yes I’ve tried the key --init things. Always get (invalid or corrupted package (PGP signature)). Only happens with Arch.
pacman -Sy archlinux-keyring?
@@_dev_null_ been there done that, still broken , always broken
@@RarefiedError I remember having a problem with this a few times a while back 😅. I think I deleted the PGP key with pacman-key --delete (key) and then pacman-key --populate archlinux and it fixd my issues. hopefully it helps
@@_dev_null_ doesn't help me any, I switched to debian/sid a while back, havent regretted i yet
aur is already a security nightmare, i review everything before installing it. not gonna run some randos binary version of aur packages. with all due respect dt, this video as an L 😢
with all due respect, I think I want to rizz you up
@@occultsupportskibidi toilet ohio rizz
@@BunnyKhatri-pd8zm lmao youtube is giving me the "Translate to English" option
It is absolutely illusoric to review even a single package before installation unless it is extremely small. So actually, such policies really increase security - it keeps the count of installed package low (or better say "less high"), thus reducing attack surface 😂.
Sure, but one wouldn't install a chaotic AUR package in a production system, and that's probably the largest piece of users attackers are interested in, enterprise ones
I am using chaotic-aur from last 2 years.
Oh cool. Just installed makemkv with it.
Time to compare Arch performance to CachyOS on the same hardware!!! 👀
firefox takes only ~1h to compile on my laptop with R7 5800H and 4 jobs. As I write this comment I am just compiling it. (gentoo)
I hope you commented using the links command.
Jesus
most sane gentoo user
Saludos buen video 📸📸
Mistake in the description. It should be "arch linux" instead of "arch linxu".
Problem with this is: security. At least the repositories from Distros are well maintained and free of malware. In other repos like this you never know what you’re installing.
Has less to do with laziness and more with precious time. Often you need something right this instant to get work done and if it's not in the repos that means compiling, and even more compiling if it's a large gui app with additional toolkits that also need compiling. And then you'll need to recompile for every new release or git commit if there's only a -git package.
I just don't see the point if somebody as large as Chaotic have proven themselves.
I think we all understand why they named the command "pacman-key" instead of "packey"
So I don't have to waste time , it took like 30 mins to install wine with yay
wine is in the arch repos, just install with pacman
I prefer the cachyos repo
Tried chaotic AUR and my updates were found to be corrupt. Used Pacui and it snagged a .deb update and compiled and installed no problem. WARNING kid gloves should NOT use Pacui.
Agree to Disagree.
Can't wait to install my nVidia drivers from chaotic-aur to have them heat my home. I mean, AUR is sketchy enough...
I'm lazy too, I get you don't want to manually compile the source package.
dt you have a mistake in the description
Prebuilt binaries?
I'll pass
yay brave
No thanks!
...or just use Debian, where you don't have to frequently resort to some third party user-maintained repositories that can reduce the stability and integrity of the system as a whole.
We all use arch to say "I use arch btw"
Lin Sux, for people who like to fiddle with their OS the whole day, instead of getting stuff done.
It might be cool... but it has a bunch of security issues, no thanks
You should know better than this
Arch is poor man's Gentoo.
I recommend staying away from the AUR because it's not secure and most packages are out of date or broken.
Then don't install outdated or Broken packages 🤷As a developer I have lots kf packages and all of them work fine.
"most packages are out of date or broken" 🤣🤣🤣
What stuff are you on? I want some of that 😅
Umm, what?
I run an arch distro for hyprland. We are not the same.
nope. I run Arch for Wayland + Hyprland