R.L. Dane 
🍵 
Greetings from #Devuan! ;)
Managed to blitz NetworkManger removing unneeded packages, lol.
Thank goodness for rescue mode in the installer! 😄
sotolfYeah, Devuan is Debian minus systemd (which you can still do manually by dropping into a shell during Debian installation, but this was easier. XD)
I'm still running Linux on several boxen. This was my CachyOS laptop, but I decided to hop to Devuan next.
I've got an OpenSuse SFF desktop and my work machine is vanilla Debian. ;)
^. .^ Paul Wilde 
@rl_dane @sotolf systemd-less distros are an absolute dream.
I have had zero issues with anything that would typically be a systemd task and both computers I have Alpine installed on have gained performance.
Why distros still use systemd is beyond me. #bloatware
I have had zero issues with anything that would typically be a systemd task and both computers I have Alpine installed on have gained performance.
Why distros still use systemd is beyond me. #bloatware
thedoctor@paul I don't feel qualified enough to really contribute anything meaningful to the whole pro/con discussion but it was my impression that the whole systemd issue isn't quite as black and white as it is often made out to be.
I remember reading a forum post by an Arch maintainer that went fairly in-depth on the whole situation and they argued that the status pre-systemd was worse in Arch.
@rl_dane @sotolf
@thedoctor @paul @rl_dane I might be weird, but I really liked the rc.d system that arched used to have before systemd, it might be that it was ugly behind the scenes, but as a user it was really nice to use :)
@sotolf @thedoctor @rl_dane yeah, it was just BSD style init scripts, right?
Absolutely marvelous.
Alpine uses OpenRC which is very similar.
But systemd is bloat - it's not just the init system, it's everything, and that's not good.
init system, disk mounter, dns resolver, password checker, time resolver, and it does everything worse and more complicated than the stuff we had before :p
@sotolf @thedoctor @rl_dane yup.
it's great it's good for new users, I get it, they don't have to worry too much. But, it should be an easy exit if you don't want to use it.
it's great it's good for new users, I get it, they don't have to worry too much. But, it should be an easy exit if you don't want to use it.
@paul @thedoctor @rl_dane I forgot they also binary encode all log files for "efficiency" so that you don't have a text syslog anymore.
The fact that Debian agreed to *that* is hilariously tragic.
navi@rl_dane @sotolf @paul @thedoctor
well, fwiw, while openrc support in debian atm is... bad. but there's a couple debian devs actively working over the past month to make it a lot better (plus me adding a few features they needed)
likely next debian release will have good native openrc support
i wish i could recommend devuan or artix to people but their communities make me not want to
well, fwiw, while openrc support in debian atm is... bad. but there's a couple debian devs actively working over the past month to make it a lot better (plus me adding a few features they needed)
likely next debian release will have good native openrc support
i wish i could recommend devuan or artix to people but their communities make me not want to
@navi @paul @sotolf @thedoctor
I've heard rumblings about Devuan having, eh, "undesirables" in it, but I haven't heard anything concrete.
I haven't heard anything about Artix, but Arch-derivatives aren't interesting to me. The native packages don't have everything I need (compared to Debian-derivatives), and the AUR is super scary right now.
@rl_dane @navi @paul @thedoctor
I've heard about both Devuan and Artix communites as not being quite Kosher, but I don't quite remember why, just that they were iffy.
I am using arch for a long time, with only a couple of AUR things that I have vetted. But using AUR should always have been scary, it's just that people got lulled into the lie that using AUR helpers was a good idea.
@sotolf @navi @paul @thedoctor
Hard agree. User-contributed "ports" should be vetted like a babysitter juggling chainsaws.
@thedoctor @rl_dane @navi @paul
I'm not really sure, I don't think I have seen a single person that uses an AUR helper not just :q as soon as the pkgbuild gets shown and say yes, or just disable it showing them. It makes installing stuff from the AUR too easy, so that you don't actually thinkg about it.
kabel42@sotolf @thedoctor @rl_dane @navi @paul yay shows the diff if you update a package from aur and checking only the version in the link and the checksum changed is ok if you only have 3-5 packages from aur installed.
@kabel42 @sotolf @thedoctor @rl_dane @paul
when i was an arch user, and used yay, i'd just spam `y` to accept, and that's the experience all arch users i knew personally had asw
when i was an arch user, and used yay, i'd just spam `y` to accept, and that's the experience all arch users i knew personally had asw
@navi @paul @kabel42 @rl_dane @thedoctor
Yeah, it's all I've seen as well, and I feel the temptation for the times that I tried out paru and yay or yaourt back in the day, it's too easy, and it's too easy to skip, so it's what you will do, especially when you're tired and just want this thing working so that you can do something way more fun than trying to install a package.
@sotolf Not using a helper opens you up to not updating your packages in time, no? If you only have a few that may be acceptable for some but I, personally, really don't feel like manually checking whether any of my five packages had an update, pulling the new PKGBUILD, glancing at any changes, building and then installing the new packages.
This may be the exception and I absolutely see your point, but I for one would always opt for an AUR helper that simply shows me the PKGBUILD and any diffs on update so I can skim it without losing the convenience of automated updates.
@thedoctor @navi @paul @kabel42 @rl_dane
I mean, it certainly is something that makes sure that you don't install too much from the AUR, I don't enjoy updating things in general, mostly it's just stuff getting worse than it used to be, as long as it still works I usually don't bother too much.
@sotolf @thedoctor @navi @paul
The last time I was using one I would just do a search for http. That would probably NOT be recommended SOP at this point. 😂
@thedoctor @rl_dane @sotolf @paul
"read the PKGBUILD diff" is, imo, kind of cope -- users don't do that, saying "people should be better" by itself isn't a solution
for comparison, gentoo's GURU has manually reviewed registration by means of "open a bug asking to join, attaching your ssh and gpg keys", and users push ebuilds to `dev`, and a trusted contributor or developer merges them on `main` after an over-the-top review
it has caught... questionable, ebuilds in the past, and it's not perfect but a bare minimum of moderation imo
additionally, guru is just a gentoo repository/overlay, so no helpers are needed -- guru ebuilds are still seen as not-as-trustworthy as main packages, so all ebuilds are forced to the ~keyword (aka needs to be explicitly enabled per package)
"read the PKGBUILD diff" is, imo, kind of cope -- users don't do that, saying "people should be better" by itself isn't a solution
for comparison, gentoo's GURU has manually reviewed registration by means of "open a bug asking to join, attaching your ssh and gpg keys", and users push ebuilds to `dev`, and a trusted contributor or developer merges them on `main` after an over-the-top review
it has caught... questionable, ebuilds in the past, and it's not perfect but a bare minimum of moderation imo
additionally, guru is just a gentoo repository/overlay, so no helpers are needed -- guru ebuilds are still seen as not-as-trustworthy as main packages, so all ebuilds are forced to the ~keyword (aka needs to be explicitly enabled per package)
@thedoctor @sotolf @navi @paul
Even if you read every single line of the PKGBUILD carefully, can you really truly be sure there's nothing untoward going on there?
We need to get back to having proper assurances of trust in software and not just slapping stuff together slipshod, like we're doing now.
@rl_dane @thedoctor @sotolf @navi @paul
the average pkgbuild is pretty simple https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=digilent.waveforms
I'd trust that more than an unofficial appimage or ppa and even your average distro maintainer could patch anything in their package if they want AFAIK
@rl_dane
This mostly comes down to build provenance and supply chain security in general then. If I do read everything carefully, I don't think that exposes me to more risk than installing some binary off Github or a Flatpak or a third-party PPA or something of the sort.
I'm all for improving the security of the whole thing, though.
@sotolf @navi @paul
@rl_dane @thedoctor @navi @paul
Not really, since usually they pull stuff too, but there are other things, to look at too, votes on the aur repo, some times a quick search, and see that they are pulling from the repos that they should, and that they don't do things that are too different from "standard" scripts.
@sotolf @navi @paul @thedoctor
I always try to get details when somebody says that a community "isn't quite kosher," because there are cases where a community is trying to walk up to the line of fascism without being fascist and that kind of stuff needs to be called out.
But there are also cases where it's just "optics," and people haven't really looked into it in sufficient depth and it's not good to just deprecate them for no good reason.
@rl_dane @sotolf @paul @thedoctor
i can't say it directly for devuan, but a) i knew someone that tried joining artix's telegram channels only to be met with a *lot* of blatant anti-semetism, racism, and such, while b) constantly hearing that devuan's community is the same as artix
i can't say it directly for devuan, but a) i knew someone that tried joining artix's telegram channels only to be met with a *lot* of blatant anti-semetism, racism, and such, while b) constantly hearing that devuan's community is the same as artix
@navi @paul @sotolf @thedoctor
I'll have to cruise Devuan's IRC sometime.
@rl_dane @navi @paul @thedoctor Yes and no, there are also time where you just get a bad feeling, like I'm totally avoiding the nim forums, because the guy who's in the lead of it does tend to be kind of a douche, I don't think he's really malicious, but uncomfortable, other times it's something that doesn't really hit me as a white straight cis guy, but can be a lot worse for someone not having all my privileges, faschism isn't the only thing, there is so many things that can make a community iffy that at least it's nice to be aware of, and I guess most of these are the ones where there aren't open receipts and maybe just an off feeling, but I have seen enough of them turning out to be bad places that I tend to keep cautious with something like it.
Easy exits aren't compatible with world domination plans. :P
...it's not just the init system, it's everything, and that's not good.
Exactly.