Package Signing Comes To Pacman and Arch Linux

← Back to Stories (view on slashdot.org)

Package Signing Comes To Pacman and Arch Linux

Posted by timothy on Tuesday January 17, 2012 @03:00AM from the ok-but-who-are-you-really dept.

fwarren writes "One of the main complaints heard around here on why some Slashdotters don't run Arch Linux is that the packages are not signed. Fear no more: Arch Linux and Pacman now allow for package signing."

103 comments

Min score:

Reason:

Sort:

Late to the party... by Anonymous Coward · 2012-01-17 03:03 · Score: 1, Insightful

Welcome to at least 2003!
Re:FRIST by Anonymous Coward · 2012-01-17 03:04 · Score: 0

Sir, you fail hard.
Arch by jampola · 2012-01-17 03:18 · Score: 2

It's the Linux man's Linux. I have so much love for Arch and to be honest, the lack of package signing has never been an issue. But nonetheless, a welcomed addition!

Moreover, I haven't really heard of too many people complaining about the lack of Package Signing when it comes to Arch Linux, usually it's the fact that after you install, you are pretty much presented with BASH, and that's it!
1. Re:Arch by jampola · 2012-01-17 03:20 · Score: 1
  
  I should rephrase, the lack of Package Signing has not been an issue to me, not in general. Sorry if I confused anyone. Now carry on...
2. Re:Arch by Hatta · 2012-01-17 03:30 · Score: 1
  
  How do you know that package signing has never been an issue for you? You could be using a rooted 'login' and never know. Unless you have a checksum, you can't be sure the packages you fetch from arch haven't been tampered with.
  
  --
  Give me Classic Slashdot or give me death!
3. Re:Arch by Anonymous Coward · 2012-01-17 03:56 · Score: 0
  
  This is why I love these modern Linux users. College kids who have less security sense than the average Windows user, but fat dorm pipes, lets install LUNIX!!1
  Why in gods name would anyone install something, as root, without being able to verify the checksum. My mass-marketing botnet thanks you ;D
4. Re:Arch by Anonymous Coward · 2012-01-17 04:07 · Score: 2, Funny
  
  This post is unsigned and may have been forged.
5. Re:Arch by Tim4444 · 2012-01-17 04:14 · Score: 2
  
  checksum != digital signature
  Arch already provides checksums for source to be downloaded for AUR packages. I'm not sure about binary packages. In any case, that's not the same as digital signing which is what is being implemented here. I highly recommend Applied Cryptography (ISBN 0-471-59756-2) if it's is not clear to you.
6. Re:Arch by Hatta · 2012-01-17 04:32 · Score: 1
  
  You are of course correct. Checksums can be forged, digital signatures cannot. I'm quite aware of the difference, but did not write precisely.
  
  --
  Give me Classic Slashdot or give me death!
7. Re:Arch by Anonymous Coward · 2012-01-17 06:31 · Score: 0
  
  If your botnet business strategy is trying to commit a critical security flaw to popular, open source software, with a potential distribution base of about twelve people... I'm guessing it's not making you a lot of money.
8. Re:Arch by t0rkm3 · 2012-01-17 07:55 · Score: 1
  
  Yeah... I love Arch, and I hate it.
  However, I have to say that the documentation is quite excellent (with some reservations {wireless is a bit messy}) and the forum and IRC support is very helpful. Which is inconsistent across the distros (Gentoo and Sabayon tend to either be really helpful or real hardcore jerks). The Arch guys are always cordial and helpful which encouraged me to hang out there more often...
  Pacman is slick and fast. The query feature could be more robust before it reaches Debian loveliness, but that isn't always necessary. Sabayon's entropy is nice and verbose, but slow does not begin to describe it. Sulfur is even worse.
  AUR is cool, but I definitely recommend a manager for it as it can be tedious fetching all of the prereqs for a much loved piece of software.
  There are many Arch-based or inspired distros. I currently use ArchBang, which keeps you from having to start which the bash shell and work upward from there. I've done the build from bare metal with Gentoo and Arch enough to know that I don't always want to start there.
  Anyhow... back on topic... Yay for Arch.
Re:Now how about getting Linux users basic hygine by RyuuzakiTetsuya · 2012-01-17 03:24 · Score: 3, Funny

Which is surprising because SOAP is a patent free industry standard.

--
Non impediti ratione cogitationus.
Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 03:32 · Score: 4, Interesting

What does Arch bring to the table?
Debian has a minimal install option, is committed to freedom, has an awesome package manager, has tons of packages available, and has multiple release tracks that allow one to stay cutting edge should one wish.
RedHat is commercially supported.
CentOS is the free version of RedHat.
SLES is commercially supported, with a deal with Microsoft to interoperate.
Ubuntu is Debian made easier.
Gentoo is for people who like to recompile software for their hardware.
I get all of the above distros. I don't run them all myself -- especially not gentoo -- but I understand why some people do.
What's the point of Arch? I poked at the website and wikipedia pages, but don't see an explanation of what it gives you over, say, a base Debian install.
Note: this is not intended as a troll. I'm curious as to what Arch brought to the table. Why was it introduced? I'm sure there's an answer, just curious what.
1. Re:Arch Linux: what's the differentiating factor? by Anrego · 2012-01-17 03:39 · Score: 1
  
  I agree.
  I tried arch and wasn't impressed.. it didn't seem to do anything better than any of the other distros, and had some measure of .. unusualness. I also found the install process fairly unwieldy (especially package selection).
  Personally I'm a Gentoo user. Not really for the recompiling for hardware thing .. I just prefer the way they handle certain things in contrast to say, Debian.
2. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 03:46 · Score: 1
  
  package selection should be used to select additional packages you really need (like wifi drivers).
  You setup your system **after** installing a base system.
  This is a case #200394934908 of not following the beginners' guide.
3. Re:Arch Linux: what's the differentiating factor? by some_guy_88 · 2012-01-17 03:48 · Score: 4, Informative
  
  My favourite Arch feature is the AUR (Arch User Repository) where anyone can submit their own packages which other uses can then install.
  Because of the AUR, Arch is more likely to have a package for some given obscure application that Debian would be missing. Also, these packages are kept up to date to a greater extent than you'll see on Debian. Finally they're all in one place where as you don't have to constantly add repositories to your package manager's repo list.
4. Re:Arch Linux: what's the differentiating factor? by dejanc · 2012-01-17 03:56 · Score: 3, Interesting
  What does Arch bring to the table?
  
  It's a rolling release distribution, which many people like.
  Package manager is very easy to use
  Making new packages and modifying existing ones is extremely easy. Not only is the syntax of package definition very simple, but all package sources are easily available with the ABS (Arch Build System, something like ports).
  The previous point is the reason that AUR (centralized repository of user-submitted packages) is very popular and generally of acceptable quality.
5. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 04:00 · Score: 0
  
  Arch is something between Gentoo and Debian. It has binary repositories, similar to Debian, but "optimized" for i686 (not i386) and amd64 (there's ARM port too...).
  [snip]
  Interesting, thanks. Why did it need its own package format rather than reusing ,deb or .rpm?
  - OP
6. Re:Arch Linux: what's the differentiating factor? by gajop · 2012-01-17 04:02 · Score: 3, Insightful
  
  Read: https://wiki.archlinux.org/index.php/Arch_Compared_to_Other_Distributions
  I don't think you have a clue tbh. I've tried most well known Linuxes (all that you mentioned and a few others), and I can tell you that there are two major differences that distros have, as far as users are concerned: 1) GUI/CLI based (which is also complex/minimalistic), 2) Regular/rolling release based.
  1) Ubuntu, Fedora, OpenSUSE and so on are GUI based systems, coming with fully installed DEs and offering people little choice on the initial install. Sure you can remove stuff and install simple WMs, but that just makes it harder to configure than Arch/Gentoo and even Slackware, who are made for ground-up installation. The reason I use Arch regularly is because I can configure it to do pretty much exactly what I want.
  2) Ubuntu, Fedora, Debian, OpenSUSE, Slackware, and a whole lot of others are using the regular (once, twice a year) release cycle. It's fine if you're using it in the office/classroom/servers, or you just don't use computers much. But often, software updates come a lot more regularly than that (Windows _software_ is rolling release!, the OS itself isn't of course), and it's always good to in the bleeding edge - unless it's you who's bleeding, and that's a potential problem (much like this update required some meddling before it would just work). And even if you do get problems every once in a while when you do rolling release updates, the huge amount of problems whenever I do a full update every 6 month on Ubuntu makes me want to do a clean install (I'm using an uptodate Arch from 2008~, did some experimenting with other linuxes). In the rolling release field it's quite similar to Gentoo (that's another power of Gentoo, it isn't just people compiling stuff for the laughs).
7. Re:Arch Linux: what's the differentiating factor? by Hatta · 2012-01-17 04:05 · Score: 4, Informative
  
  Great documentation and vanilla packages. That about sums it up. It's like Slackware with improved package management.
  I've been running systems built from Debian base for about a decade. Recently I kept running into the Arch wiki when I wanted to solve a problem. e.g. if I want to reenable ctrl-alt-backspace in Xorg. If I google that, I get a page full of shitty Ubuntu related solutions that depend on extra packages or gui configuration tools.
  But there's one result that sticks out. The Arch wiki provides a nicely organized richly linked list of things you might want to configure, and how to configure them. This is how you collect and present useful information. I figured, if I find myself consistantly using the documentation for a distro, maybe I should check out the actual distro.
  So I still use Debian on most of my systems, but have thrown Arch on a couple for fun. It's easy, it works, and it doesn't feel as crufty as Debian does. Package signing will make it a contender for real work. Yay Arch!
  
  --
  Give me Classic Slashdot or give me death!
8. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 04:06 · Score: 0
  
  Also it's very easy to download packages only once on a multiple-Arch-machine network and share them between machines. I do this all the time and update all my machines by downloading packages only once.
  I always hated the fact that other distros wouldn't let me get the newest version of LibreOffice (anacronistically ;-) or Digikam or Amarok or Gimp etc. etc. etc. With Arch I always have the latest stable version and can get the beta or alpha or git version if I want it. I love it and my sons are learning tons about the inner workings of Linux by running it.
9. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 04:21 · Score: 0
  
  2) Ubuntu, Fedora, Debian, OpenSUSE, Slackware, and a whole lot of others are using the regular (once, twice a year) release cycle.
  With Debian, you have the choice of stable (irregular releases), unstable (almost bleeding edge), or testing (not quite bleeding edge.) testing is on a rolling release cycle.
  I'm not seeing much benefit of Arch over Debian. AFAICT, if you start with a Debian base install, enable non-free, and set yourself to tracking testing, you get pretty much all the benefits of Arch. So what is Arch buying you?
  I'm especially not seeing why they had to reinvent the package management wheel. .deb or .rpm would have made more sense. And then they wouldn't have needed to wait 9 years for package signing.
  I've been running Linux since the mid-90s. It's been frustrating to see people investing tons of energy and time into reinventing distros, formats, and programs that differ from each other only very slightly.
  - OP
10. Re:Arch Linux: what's the differentiating factor? by Anrego · 2012-01-17 04:27 · Score: 1
  
  Fair enough., I will say that while you expect to have to read through some documentation the first time installing something like Gentoo, something that provides an installation utility I'd expect not to need to.
  I went the "install only basic packages" route anyway as it's what I tend to do on any distro, but if this is the actual intended method, putting a note to that effect in the installer itself might be a good idea (if not already done). I can't be the only one who doesn't see "step by step install utility" and immediately think "oh man, better read through the docs first before attempting that shit".
11. Re:Arch Linux: what's the differentiating factor? by bjoast · 2012-01-17 04:33 · Score: 1
  
  Because of the AUR, Arch is more likely to have a package for some given obscure application that Debian would be missing. Also, these packages are kept up to date to a greater extent than you'll see on Debian. Finally they're all in one place where as you don't have to constantly add repositories to your package manager's repo list.
  What you're mentioning are some of the main reasons why I am running Arch. But there's also the wiki, the community and the feeling of having a system which is very simple and clean. I tried it a few months ago and just loved it.
12. Re:Arch Linux: what's the differentiating factor? by Hatta · 2012-01-17 04:37 · Score: 1
  
  This shouldn't have been modded down. It's a good question, well stated, that provoked a number of thoughtful responses.
  
  --
  Give me Classic Slashdot or give me death!
13. Re:Arch Linux: what's the differentiating factor? by krinderlin · 2012-01-17 04:47 · Score: 1
  
  If I recall correctly, because everything, including the package build system, is based off of PKGBUILD's. I've never really worked at making packages for RPM or DEB, but PKGBUILD's are supposed to be simpler. (Though it may be compromise of simplicity for robustness of features.)
14. Re:Arch Linux: what's the differentiating factor? by Morty · 2012-01-17 04:53 · Score: 1
  
  My favourite Arch feature is the AUR (Arch User Repository) where anyone can submit their own packages which other uses can then install.
  Cool, thanks. That's a good differentiator. Most other distros have mechanisms to add unofficial repositories. But that's a lot of bother for the packager.
  Next question: why did Arch need to reinvent the package management wheel? deb and rpm already existed. What does the Arch package format (format, not the pacman front-end) give you that other formats could not have?
  - OP
15. Re:Arch Linux: what's the differentiating factor? by loufoque · 2012-01-17 05:01 · Score: 1
  
  Debian, Ubuntu and the like all have an amd64 version as well.
  There is no reason to use a i386/i686 version instead of amd64. The latter will be faster and be able to use more memory.
16. Re:Arch Linux: what's the differentiating factor? by substance2003 · 2012-01-17 05:10 · Score: 5, Insightful
  
  I think the only thing you missed was that it's a rolling release OS meaning that unlike other distros. You never need to reinstall it unless you mess up.
  That to me has been the most important feature for me as I found it would get old to have to reinstall Fedora every 6 to 12 months to get access to the latest bleeding edge software.
  
  As one reviewer said, this OS is always fresh.
17. Re:Arch Linux: what's the differentiating factor? by loufoque · 2012-01-17 05:15 · Score: 1
  
  It's not really a differentiating factor since every other distribution has amd64, and given that i686 is useless when you have amd64.
18. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 05:36 · Score: 0
  
  There is no reason to use a i386/i686 version instead of amd64.
  Unless you have one of those not-horribly-old-yet 32-bit machines, such as the first crop of Atom-based netbooks and UMPCs. And these are all i686-compatible, and much more common than anything old enough to requre i586 or prior.
19. Re:Arch Linux: what's the differentiating factor? by TheCycoONE · 2012-01-17 05:42 · Score: 1
  
  Floating point texture support in mesa? AFAIK they are the only binary distro to enable that flag because of patent concerns.
20. Re:Arch Linux: what's the differentiating factor? by hobarrera · 2012-01-17 05:43 · Score: 1
  
  1) It's a rolling-release distribution.
  2) It's bleeding edge (so no point comparing it to debian).
  3) It follows the KISS principle.
21. Re:Arch Linux: what's the differentiating factor? by Korin43 · 2012-01-17 05:45 · Score: 2
  
  Next question: why did Arch need to reinvent the package management wheel? deb and rpm already existed. What does the Arch package format (format, not the pacman front-end) give you that other formats could not have?
  - OP
  Arch packages are much easier to build. This was the thing for me. You basically write a file containing the package name, version number, where to get the sources (and their checksums), and then a bash script of how to install it. Most Arch packages can be written in minutes -- which I think is why the AUR is so popular.
  For example, this is the entire source for a pylibmc package:
  http://aur.archlinux.org/packages/py/python2-pylibmc/PKGBUILD
  Notice how simple the build() section is in comparison to Debian packaging.
22. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 05:55 · Score: 1
  
  It's my understanding that debian testing still breaks fairly regularly, and when that happens, you can't always get a fixed package very soon, because sometimes the fix can be stuck in unstable until it's confirmed not to break anything worse, I guess. Or something -- a debian guy explained this as why I'd probably be better off running unstable than testing, given that I was able to fix occasional apt problems (learned on Maemo, where breaking apt was a way of life for a while), and I didn't quite 100% get what he was saying, but basically he said unstable breaks more often, testing stays broken longer. I'm not a Debian guy, though, so ICBW.
  With Arch, you always get the latest stable version, completely QA'd. With Debian, you're either stuck with whatever version was current when stable was released, or you're pulling packages partway through the QA process. Regardless of the specifics, you can't call that the same thing.
  Anyway, I don't get what the big deal is about duplication of effort -- if it makes people happier to reinvent the wheel than to copy someone else's wheel -- let 'em; it doesn't hurt you.
23. Re:Arch Linux: what's the differentiating factor? by gajop · 2012-01-17 06:18 · Score: 1
  
  Regarding package management, as far as the users are concerned I'd say Arch has the best possible thing. I've tested portage(Gentoo), apt-get/aptitude (Debian&Ubuntu), fedora's rpm installs (can't remember the apps name).
  Speed: Package manager (pacman) is probably the fastest one there is, when testing repository querying, installs, local queries and so on. Some operations got even faster with the new install.
  Packages: A lot of packages are available on core/extra/community repositories, most of what an average user would need. Packages exist for both x86 and x86_64 as well as those for cross-compilations in multilib. The few that aren't there will probably be found in AUR.
  Package customization: You can create your own PKGBUILDS, simple files (much simpler than what you'd have to do in Gentoo f.e) that do package compilation and installation. You can even take existing ones and modify them ever so slightly to fit your needs :every package in core/extra/community has PKGBUILDS downloadable with simple commands (f.e "abs extra/firefox").
  I personally don't care about package signing, if I'm ever concerned about a package (from AUR only, core/extra/community I trust more than official sites/sources), I could always take a fast skim at PKGBUILD and make sure it doesn't do anything weird (the logic is just a bunch of sh commands after all).
  Oh and I forgot to mention one thing: Arch Wiki - probably making it the best documented distro there is, and #archlinux on freenode, where you'll usually always get information on what you need (it's even usable as an information source for non-arch related things).
24. Re:Arch Linux: what's the differentiating factor? by Edwin_OS · 2012-01-17 06:28 · Score: 2
  
  Finally somebody said it, and no, setting testing repos in debian is not as close as using a good rolling release.
25. Re:Arch Linux: what's the differentiating factor? by Thantik · 2012-01-17 06:28 · Score: 1
  
  I'm not exactly sure I'd call what arch has an "installation utility". It's more of a bootstrap utility.
26. Re:Arch Linux: what's the differentiating factor? by Spykk · 2012-01-17 06:51 · Score: 2
  
  A description of Arch in the format you used to describe the other distributions might be:
  
  Arch is a rolling release distribution that tries to keep its packages as close to vanilla as possible.
  
  While I wouldn't recommend Arch in a production environment (the bleeding edge can be slippery) it works great for my personal server/media center and my netbook. Rolling release means you get to try out those great new features the day after you hear about them instead of six months later.
27. Re:Arch Linux: what's the differentiating factor? by Narishma · 2012-01-17 07:17 · Score: 1
  
  The reason to use an i686 version is if you have a CPU that doesn't support x86_64, such as the first few models of Atoms or older CPUs that predate AMD64's introduction.
  
  --
  Mada mada dane.
28. Re:Arch Linux: what's the differentiating factor? by devilspgd · 2012-01-17 07:45 · Score: 1
  
  I find the simplicity of it to be just amazing. Everything is where I'd expect, nearly everything is done the way that makes sense, and it doesn't get in my way.
  When I have run into problems, I've had a surprising amount of help without the "Why are you running Linux if you don't understand /that/?" arrogance that is so common in certain Linux areas.
  
  --
  Give a man a fish, he'll eat for a day, but teach a man to phish...
29. Re:Arch Linux: what's the differentiating factor? by jpate · 2012-01-17 07:50 · Score: 1
  As a follow-up, the resulting binary packages are also simple. They are a perfectly vanilla xz-zipped tarball (Really! download and extract the package for bash) containing:
  
  The files in the tarball relative to /.
  A small metadata file recording e.g. dependencies, any configuration files that should be backed up.
  (Optional) A small file containing bash functions that will be executed before and after installation, upgrades, or removal.
30. Re:Arch Linux: what's the differentiating factor? by aix+tom · 2012-01-17 07:55 · Score: 1
  
  As both a Arch and Gentoo user, I also like the fact that both don't have version. The update of a specific package is done when the package is ready upstream, not when a new version of the distro comes out.
  Basically the way it feels is that the both are versionless distros with a package management system. In Gentoo the default format for a package is source, but you CAN create binary packages yourself if you want. In Arch it's the other way around, the packages are binary by default, but you CAN use source packages with AUR. Both also follow the same path that they don't have "default" window managers and desktop environments and stuff, but let the user decide what to use from the start. That of course is the cause for the "there is just a bash prompt when you have installed it" that some people don't like. Of course having your DE of choice installed is only a few commands away, with easy copy and paste instructions to follow.
31. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 07:58 · Score: 0
  
  Fedora has preupgrade, which makes Fedora function like a rolling release distro. I've used it many times, and it worked great for me. And I believe that other distros have something similar. So I don't see that as any kind of major selling point for Arch.
32. Re:Arch Linux: what's the differentiating factor? by maztuhblastah · 2012-01-17 08:10 · Score: 1
  
  So I still use Debian on most of my systems, but have thrown Arch on a couple for fun. It's easy, it works, and it doesn't feel as crufty as Debian does. Package signing will make it a contender for real work. Yay Arch!
  Can you describe it without the weasel words?
  What do you mean when you describe Debian as "crufty"? What do you mean when you say Arch is "fun"?
  I could use those words to describe just about any distro, but they don't really communicate anything other than that you prefer Arch over Debian for some unspecified reason(s) -- which we could easily guess from the rest of your post.
  I'm not saying it is or is not a good distro -- I just don't think that "crufty" and "fun" mean much of anything. As The Dude says: "Yeah, well, you know, that's just, like, your opinion, man."
  
  --
  The real litigious bastards...
33. Re:Arch Linux: what's the differentiating factor? by schroedingers_hat · 2012-01-17 08:14 · Score: 1
  
  One of the differences between Arch and Debian is that Pacman is much more minimalistic about what it considers a dependancy.
  This allows greater control for those who obsess over what they do and don't want on their system.
  It also helps with learning a lot about what each component does and why it's there. When I've tried minimalistic Debian installations in the past, I quickly get overwhelmed by the amount of things each package brings with it.
  I probably would not install Arch again, but setting up my current system taught me a lot more than installing Debian or Ubuntu ever has.
34. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 08:21 · Score: 0
  
  Preupgrade just upgrades version X to X+1, so it's not the same at all. If you want a rolling release of Fedora, run Rawhide. That's a real rolling release, but Arch will be much more stable.
35. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 08:54 · Score: 0
  
  Arch is a BSD style Linux that is simple and plain.
  The BSD style init system is nicer then SysV init. Vanilla packages are awesome since the project documentation actually works. Arch just lets people do whatever they want to with it.
  Debian, RHEL/CentOS, et al. (minus Gentoo) try to impress their view of the world on the user.
36. Re:Arch Linux: what's the differentiating factor? by NotBorg · 2012-01-17 09:19 · Score: 1
  
  Arch Linux brings a lot to the table but in areas you wouldn't expect. If you just "try" Arch Linux you probably miss the good points. I guess you could say that it grows on you. Or maybe that it grows with you.
  The biggest, most obvious thing that Arch does that differentiates it from other distributions is that it is a rolling release. When an upstream project releases a new version and calls it stable, it works its way into Arch. How does this differ from other distributions which can get newer packages by changing/adding package repositories?
  Support for those new packages. Consider that with most distributions you have some users using the "officially supported" packages, some using the latest stable packages, and some using the latest development snapshots. I don't have any concrete numbers, but I suspect that most users like to be somewhere in the first two categories. With Arch Linux, the first two categories are combined, putting more users together running the same packages. In effect, more users are using the officially supported packages. Strength in numbers.
  Bug reporting and processing is streamlined. There's no need for "me too with this OS release and the packages from over there" posts you see in other bug trackers. There really is a lot of effort that goes into just answering the question of if a newer version fixes the problem. When everyone is close to the current upstream, it becomes much easier to move the bug report upstream where it belongs. You still get the buffer zone between end users and developers (which catches duplicates, invalid, and too vague to be useful reports) but with much less delay simply because we know the bug is very likely relevant.
  Arch Linux isn't for everyone, but just one choice. This is a funny one because with Arch you both give up some options and gain others. Right off the bat you make to the choice to stay current and close to the upstream. While this might not be as bad as some make it out to be, it's not for everyone. On the other side of the coin, you make many more choices on your own about what software you run. For example there's no KDE or Gnome version of Arch Linux. You pick that yourself.
  This rolls right into another differentiating characteristic of Arch. For the most part Arch doesn't pick defaults for you. Those come from the upstream. This is interesting because it carries the effect of encouraging the user to really look at those defaults to see if they make sense. Again, Arch isn't for everyone. Some don't want to check configurations and won't even if they should. There's a lot of folks that avidly believe that the distribution should do that for you. I say Yes and no. Shouldn't those reasonable defaults be part of the upstream? I believe that distributions should spend a bit more time getting those reasonable defaults into the upstream project and only fall back to "protecting user from bad defaults" when they can't get things upstream.
  This is largely a philosophy that Arch holds to. If you don't like the vanilla upstream, try to get your changes into the upstream instead of dragging around a custom patch set for all eternity. So, just the user base all using recent and mostly vanilla packages is one of the key differentiating characteristics of Arch Linux.
  Beyond that there's a lot of social interaction (community) which is more or less unique in to the Arch User Repository (AUR). Unlike package repositories from other distributions which might be maintained by a small group, the AUR is maintained by the larger user base. Better than just that, it's ridiculously easy as a user to interact with the person behind something found on AUR. And that's not something that can be said with a lot of other "community ran" repositories for other distributions. When you go to grab a package off of the AUR you can't miss the built-in forum thread for that package. It's designed to be social. Again, not for everyone. But for those it is for... it's very for.
  
  --
  I want this account deleted.
37. Re:Arch Linux: what's the differentiating factor? by Hatta · 2012-01-17 10:18 · Score: 1
  
  I didn't say Arch was fun, I said fun was my motivation for putting it on a couple computers. I could have had the same fun with any distro, but Arch seemed to be a good choice for the reasons I described in my earlier post.
  I did say Debian was crufty. And yes, that's probably subjective. Just the sheer number of packages makes it harder to figure out what the best way to do something is. It's not a major criticism and I don't dislike Debian for it. I still use it on anything important.
  
  --
  Give me Classic Slashdot or give me death!
38. Re:Arch Linux: what's the differentiating factor? by Morty · 2012-01-17 10:20 · Score: 1
  
  Anyway, I don't get what the big deal is about duplication of effort -- if it makes people happier to reinvent the wheel than to copy someone else's wheel -- let 'em; it doesn't hurt you.
  New distros and package formats hurt everyone:
  1. The "Linux" community only has so many knowledgeable volunteers and developers at any one time. Maintaining a general-purpose distribution takes a whole fleet of people, each of whom understands the intricacies of one or more subsystems. When you create another distro, you are implicitly hoping that you can get a whole bunch of people to stop contributing to some other project and instead contribute to yours; and/or you are hoping to divert new volunteers from other projects. New distributions spread us more thinly.
  If you can make a newer distro that is significantly better than anything else, you might be able to kill off an older distro and/or grow the community enough to compensate for the above. But if you create a distro that is only marginally better than its predecessors, you will needlessly consume a section of the volunteer base. It would be better to take your ideas to an existing distro and improve that, instead.
  2. If a programmer wants to write and test software for "Linux", the number of different distributions to target and test on keeps getting higher.
  3. COTS vendors who are tempted to support "Linux" sometimes look at the mess of distributions and give up. When they do provide support for some Linux distros, their Linux customers sometimes whine that they aren't supporting $distro_of_choice, which makes COTS vendors hate us. Unnecessary distros make this worse.
  4. New packaging formats, in particular, create additional burdens on cross-distro tools for package management and file browsing.
39. Re:Arch Linux: what's the differentiating factor? by kbrosnan · 2012-01-17 18:30 · Score: 1
  
  Debian tends to have large and historical patches that make large upstream patckages fit the Debain way. For example I'm takling about packages such as OOo/LibreOffice, Apache httpd, Mozilla Firefox, etc. Arch goes in the other direction, make as few changes to the upstream package as possible.
  
  --
  These people look deep within my soul and assign me a number based upon the order I joined. -Homer Simpson
40. Re:Arch Linux: what's the differentiating factor? by Anonymous Coward · 2012-01-17 18:52 · Score: 0
  
  You're both confused. All the best distributions see that their improvements go upstream to the projects they depend on. For example, if a Fedora developer makes an improvement to GIMP and gets that improvement upstream then Ubuntu users will see that improvement too (eventually). Done right, it's mostly not a division or duplication of effort. You don't say the Kernel is a divided and fragmented effort just because some developers are from Google others from IBM, Fedora, etc, etc.
  Secondly distributions really aren't as different as their fan clubs make them out to be. Bash is Bash, GIMP is GIMP, KDE is KDE, Firefox is Firefox, and on and so on. Sure distributions might chose different default configurations or different branding and theming, but mostly the software is the same. Packaging is different but not really prohibitively so. If you push out a deb and rpm you've covered nearly all the relevant distributions. If that's too much just throw it in a tarball or roll your own installer. Don't scoff, Windows software has been distributed that way since forever. And yes, it can and has been done for commercial Linux software before. While it certainly is nice if software is installed via the native package manager, it's not absolutely necessary.
  Look, Unreal Tournament 2004 still works on every distribution I've tried. It's approaching the decade marker and still works. I think it's safe to say that it's not prohibitively difficult to produce long lasting binaries and package them loosely enough to work on the plethora of distributions despite the FUD that they're all so drastically different.
41. Re:Arch Linux: what's the differentiating factor? by NorQue · 2012-01-17 20:35 · Score: 1
  
  But there's one result that sticks out. The Arch wiki [archlinux.org] provides a nicely organized richly linked list of things you might want to configure, and how to configure them. This is how you collect and present useful information. I figured, if I find myself consistantly using the documentation for a distro, maybe I should check out the actual distro.
  That's what happens to me a lot, too, lately. Previously it used to be the Ubuntu Forums where you could find a lot of useful information, but nowadays it's the ArchLinux Wiki that sticks out a lot in search results. May give it a try in a VM soon.
42. Re:Arch Linux: what's the differentiating factor? by pastie · 2012-01-17 21:45 · Score: 1
  
  Debian unstable/sid is a rolling release distro too.
43. Re:Arch Linux: what's the differentiating factor? by t0rkm3 · 2012-01-17 23:32 · Score: 1
  
  For starters? The init system.
  Otherwise? The packages in general. It takes something so long to make it through the repo approval system that it's obsolete by the time it hits mainline. For some that is probably a bonus, but for me that's just a pain in the arse, cuz then I have to go and find either a repo that bolts on or a deb and the appropriate dependencies. For those that argue that AptoSid, or unstable/testing etc are the answer... well my forays into AptoSid and unstable/testing were less stable than Gentoo/Sabayon... So, I tried each of the porridges and found Arch seems to be in the sweet spot.
  (Until RedHat/Fedora abandons RPM, I will not touch them... though I am forced to use RHCE at work, and yum at least seems reasonable these days even if the RHCE repo is archaic.)
  Also, the .deb build process is more painful than it ought to be (unless I am missing something, which is likely as my patience is not infinite.) whereas it took me all of 10 minutes to figure out the PKGBUILD system so that I could roll my own packages for use when AUR didn't have what I needed/wanted.
44. Re:Arch Linux: what's the differentiating factor? by t0rkm3 · 2012-01-17 23:35 · Score: 1
  
  I wish I had modpoints... It seems that the Debian peeps think that I have infinite diskspace, so when I want to install something to test it... It MUST come with 80 bajillion other packages... and deinstalling those may traverse back up the tree and break something that I want. Hence my hate for *untu as well.
45. Re:Arch Linux: what's the differentiating factor? by Edwin_OS · 2012-01-18 05:09 · Score: 1
  
  Sadly it breaks a lot more than arch rolling release repo, I guess it should be because Arch rolling release repo have all the attention from its community making sure that it keeps as stable as possible.
46. Re:Arch Linux: what's the differentiating factor? by EvanED · 2012-01-18 14:59 · Score: 1
  
  The Gentoo wiki used to be very very very good, until it died a couple of years ago - and it never regained it's glory
  Aw, that's too bad. I didn't know that it went away; I haven't used Linux at home for a few years. I've said a few times in "what distro should I use" conversations that if you have a few rare qualities (the time and will to tinker, some knowledge about computers even if it's not about Linux specifically, and aren't afraid to play around and try things), Gentoo is actually a decent choice to even start off with because the docs are soooo good. I'm disappointed that it sounds like this may no longer be the case.
I tried, did I miss something? by doob · 2012-01-17 03:33 · Score: 2

I'd read a lot of good things about Arch, so I decided to give it a go a few months ago. I wanted to like it, I really did, but my experience over 3 ~ 4 hours was reminiscent of installing Slackware circa 2002. I don't want to have to know how to configure every package on my system from scratch, I want them to mostly work, and then be able to tweak them. I simply don't have the time for anything else. Maybe this just means Arch isn't for me, but it seemed that the install process was going out of it's way to make things as complicated as possible, a particular example was wpa_supplicant being selected for install by default, but not wireless-tools!
Did I miss something obvious that makes the whole process a lot easier, or is Arch just "like that"?

--
In the spoon, there is no Soviet Russia!
1. Re:I tried, did I miss something? by zanian · 2012-01-17 03:43 · Score: 1
  
  naturally, the more you know before installing makes it easier, so I wouldn't say you missed anything. I use Arch and I love it, but I also don't mind having struggled with it for hours. Sounds to me like it's just not for you. The only things that make it easier are the great wiki and the forums.
2. Re:I tried, did I miss something? by Anonymous Coward · 2012-01-17 03:48 · Score: 0
  
  I think the OP means that he's looking for something that's stable so he can make his projects the project and leave the os to be the respective platforms team's project.
3. Re:I tried, did I miss something? by Hatta · 2012-01-17 04:07 · Score: 1
  
  No, you didn't miss anything. Arch is for people who believe (correctly or incorrectly) that setting things up yourself so you know exactly how they work is less work in the long run than taking someone elses setup that "mostly works" and tweaking it.
  
  --
  Give me Classic Slashdot or give me death!
4. Re:I tried, did I miss something? by krinderlin · 2012-01-17 04:33 · Score: 2
  
  Over the course of about 3 installs, the process gets a lot faster. The Beginner's Guide on the wiki takes you along the scenic route to get you acclimated to the system.
  Personally, of all the Linux distributions I've worked with, I like Arch as a server. This is simply because I find the configuration from the command line to be far simpler than Debian based distributions. Comparing to RedHat/CentOS, for me, lands in the middle of Arch and Debian in complexity. However, if you have some fairly complex requirements for a server, I find that Arch has traded robustness for simplicity, so you may find that a RedHat based distribution is better suited.
  The AUR provides a Gentoo style system where a fairly standard script will download the source from upstream and compile it into a package you can then install. There are "AUR Helpers", a favorite is yaourt, which will manage dependencies that are both within the AUR and the standard repositories. I see this as a major benefit because people are far more inclined to simply write a PKGBUILD instead of creating their own repository. (I just recall Fedora requiring 2 "unofficial" repositories to run properly.
  Arch also makes a big deal out of being as close to upstream releases as possible. For instance, /usr/bin/python points to /usr/bin/python3 instead of python2, simply because Python people said at some point they'd like distributions to move to a default of python3. Unfortunately, doing so causes all sorts of breakage and screaming developers, so Arch is still one of the few that do it.
  I've not had too many support questions for Arch because the Wiki is usually all I need. On occasion, I'll dig through the BB's, but I've yet to need to ask a question about setting up nearly anything.
  To me, Arch just brings into focus a very straightforward ideal to distribution management. If upstream makes a release, build a new package, test, put it in core/extra/community. Keep patching to a minimum to reduce the work required to get from upstream code to binary package.
  So I guess good docs, decent package system, short time-to-package for upstream release, and the AUR removing the incentive for unofficial repositories are what Arch brings to the table.
  The main thing that makes most people leave is they don't subscribe to the arch-general and arch-announce mailing lists. If an upgrade to a core package ever fails with a weird message, the reason and how to fix it has generally been discussed in depth on the general list for a few weeks. Even then, there's almost always an announcement and a post to the front page of the website.
  If they do subscribe to the mailing lists, a lot of Ubuntu users come to Arch for some strange reason and get offended when they're handed a RTFW on the mailing list in response to a basic question. The boards are a bit more tame, but there is the same tendency to say, "Did you read this [link] on the wiki? Because it clearly states you're doing it wrong." Also, there's this strange obsession with bottom-posting that will completely derail a thread due to one person putting their reply at the top of the thread.
  So yeah, asking questions covered in the Wiki will get you some flack. Which I guess is a big turn off for people. God forbid you actually try to search in the wiki or forums first. (Those last few sentences are probably why I fit in with Arch. :-D)
5. Re:I tried, did I miss something? by Anonymous Coward · 2012-01-17 05:42 · Score: 0
  
  I ran Arch for about eight months. I ended up having to reconfigure my printer after every single update. Which in my case meant I had to reconfigure my printer every time I wanted to print. I'm not a big user of printers. But the fact that I couldn't just use it, and I had to fiddle with it all the time, was rather disconcerting. I ended up dumping it a while back and haven't had a desire to use it again. I just don't have time to keep my OS running where I want it. That is why I stopped using Windows.
6. Re:I tried, did I miss something? by PReDiToR · 2012-01-17 07:49 · Score: 1
  
  I've never installed wireless-tools. ifconfig wlan0, wpa_supplicant, dhcpd ... What would you need anything else for?
  
  I use Arch on my laptop, EEE and torrent server.
  Modern software on rolling release, most files where you expect them to be and no bloat (strigi, nepomuk, akonadi ... ) make this distro a joy to work with.
  
  Just for giggles I will point out that my desktop machine runs on Gentoo, so obviously I'm a masochist =)
  
  --
  
  Do not meddle in the affairs of geeks for they are subtle and quick to anger
7. Re:I tried, did I miss something? by tjbp · 2012-01-17 10:56 · Score: 0
  
  Configuring packages individually isn't actually as big a deal as it first seems. The defaults for most packages often do fine, and you tweak them to your liking if absolutely necessary. Thing is, I realise now I spend a lot of time tweaking things to my liking regardless of the OS - even if it's out-of-the-box and tweaking is supposedly unnecessary. Arch just allows you the extra freedom to tweak so much more, and you actually learn about the software as you do it. Bug reports - a backbone for these kinds of projects - benefit hugely from a userbase that is often capable of providing far more insight into an issue than your average Windows/Mac/Ubuntu user.
  It took me a few months to get my first Arch installation perfect, with lots of looking stuff up in the wiki. The second time there were a few things that I couldn't remember, but it took around a week in all. Now, I can install it exactly as I like it in about 15 minutes. However, I can't speak for others but the time I spent learning the system pays off when things break - I can actually get them fixed. When things break in Ubuntu (for example) I can waste hours searching for people with the same issue and trying to work out at which layer the bug occurs (exactly the reason I stopped using Windows previously).
8. Re:I tried, did I miss something? by Anonymous Coward · 2012-01-18 03:14 · Score: 0
  
  wireless_tools is long deprecated. Try iw.
Comment removed by account_deleted · 2012-01-17 03:45 · Score: 5, Informative

Comment removed based on user account deletion
Re:FRIST by K.+S.+Kyosuke · 2012-01-17 03:47 · Score: 4, Funny

Warning. The parent post in unsigned and may have been forged.

--
Ezekiel 23:20
You're right by Anonymous Coward · 2012-01-17 03:47 · Score: 0

Arch is not for you. Yes, the configuration is "manual" (text-based). No, it doesn't "just work", at least not in the end-user sense. (However it does "just work" in the slackware sense, meaning that when you go to compile a program for example, you can expect that all the standard unix tools and environment will be available and working as expected. Not so with Ubuntu for example.)
Arch is more or less a bleeding-edge slackware, although the system is not based on slackware but rather designed from scratch with slackware-like simplicity in mind. Arch has the simplicity and predictability of slackware, but with a modern package manager and update process, and bleeding-edge packages to top it off.
Comment removed by account_deleted · 2012-01-17 03:47 · Score: 3, Informative

Comment removed based on user account deletion
Comment removed by account_deleted · 2012-01-17 03:51 · Score: 1

Comment removed based on user account deletion
Whew.... by liquidweaver · 2012-01-17 04:06 · Score: 4, Funny

I've been using Arch for years, and the constant flow of virii and rootkits that were deluging me might finally go away!
With all the recent news of linux package repositories being the main vector of all these advanced persistent threats my CPO (Chief Pentest Officer) has been telling me about, I can now breath a sigh of relief.

--
mov ah, 4ch
int 21h
1. Re:Whew.... by TheBilgeRat · 2012-01-17 04:52 · Score: 1
  
  I lol'ed. I guess no one with mod points today has a finely tuned sarcasm meter.
2. Re:Whew.... by krinderlin · 2012-01-17 04:56 · Score: 2
  
  Not quite. *twitch* You have to enable it manually right now and the completion of the package signing work is only fully complete on [core]. [extra] is about halfway there and [community] is...well....NOT. :-/
I just live on the edge by mshenrick · 2012-01-17 04:09 · Score: 5, Funny

I feel like such a fearless badman for running arch linux before the packages were signed
1. Re:I just live on the edge by mshenrick · 2012-01-17 04:10 · Score: 1
  
  Next thing I'll be running everything as root! Then I'll be as cool as him https://www.youtube.com/watch?v=Uwhq1t7bNt8
Sweet... by Anonymous Coward · 2012-01-17 04:36 · Score: 0

And I saw this news just as I finished installed and updated Arch. Used it a few years ago and decided to give it a whirl again. IMO, its a damn good distro if you're interested in learning the workings of Linux and getting it to work the way YOU want it. And being a rolling release is a big plus.
Yes. You missed Archbang by fwarren · 2012-01-17 04:42 · Score: 2

Setting up Arch Linux is not hard. The article at http://lifehacker.com/5680453/build-a-killer-customized-arch-linux-installation-and-learn-all-about-linux-in-the-process is particularly useful. I did not even need to refer to the guide. Just followed the instructions at LifeHacker and then used the Arch Wiki to configure and fine tune things from there. So yeah, I can do it. But I found a better way.
I now do my Arch setups by installing ArchBang. ArchBang is a riff on CrunchBang. As a live CD, it is Arch Linux with an OpenBox GUI, a Tint2 panel, system info shown in conky and some slick CrunchBang style GUI configuration tools for OpenBox. Now setting up an Arch Linux system takes about 15 minutes. That is all the time it takes run the installer. As part of the install you need to edit two files. In rc.conf you set your hostname. In pacman.d/mirrorlist, you need to move the mirrors in your country to the top of the file. That is it.
After 15 minutes of work, you have a completely working Arch Linux system with sound, X and a Window Manager with font smoothing all set up for you.
In addition to pacman they also include packer. Which is able to install all the standard packages that pacman does but is also able to perform installs from AUR using the same syntax as pacman.
Arch + Openbox + Packer = ArchBang

--
vi + /etc over regedit any day of the week.
1. Re:Yes. You missed Archbang by Anonymous Coward · 2012-01-17 06:14 · Score: 0
  
  Setting up Arch Linux is not hard. The article at http://lifehacker.com/5680453/build-a-killer-customized-arch-linux-installation-and-learn-all-about-linux-in-the-process is particularly useful. I did not even need to refer to the guide. Just followed the instructions at LifeHacker and then used the Arch Wiki to configure and fine tune things from there. So yeah, I can do it. But I found a better way.
  Interesting choice of terms, "better". I think most Arch users would disagree, especially since most of them don't share your preference for OpenBox, and would find it undesirable cruft.
  Of course, it goes without saying that "better" is subjective, and it's ok if ArchBang's better for you (i.e. you have a fundamental philosophical disagreement with the whole Arch project). But simply representing a project with a complete reversal of The Arch Way as "Arch, but better", with no clarification of the profound philosophical difference that causes you to favor ArchBang is bound to fundamentally misrepresent one or both projects to newbs. So please stop it.
2. Re:Yes. You missed Archbang by Anonymous Coward · 2012-01-17 07:47 · Score: 0
  
  Look, if you're angry about the 'bang users upsetting the purity of your neckbeard distro, deal with it. We're already here, submitting bogus bug reports and whining about how we just broke X. The floodgates are open.
  You could always go to slack...or build it from scratch.
3. Re:Yes. You missed Archbang by Anonymous Coward · 2012-01-17 08:53 · Score: 0
  
  Not angry, perhaps you neglected to read where I said that philosophical differences are OK? And if you want to, for practical reasons, base your distro on a distro you disagree with philosophically, hell, that's what open source and/or free software is all about. The existence of ArchBang doesn't bother me, just like any other distro I don't have a use for.
  What does get me a bit annoyed is assholes glossing over the difference in a way that will cause newcomers to get a wrong impression about one or both distros. It doesn't even benefit your distro in any way I can see; I guess it's just laziness. But we're all better served by an accurate representation of reality, so I request you make the effort to draw distinctions where they are, or STFU (saving even more effort!).
Re:Now how about getting Linux users basic hygine by mcgrew · 2012-01-17 04:57 · Score: 0

Dude, don't feed the goddamned trolls! Especially since that lame pun is way too old to even start to begin to attempt to try to be funny.

--
Free Martian Whores!
Comment removed by account_deleted · 2012-01-17 05:09 · Score: 1

Comment removed based on user account deletion
Slackware by Anonymous Coward · 2012-01-17 07:05 · Score: 0

I notice you didn't mention slackware -- that explains why you don't get it. Arch is more or less a bleeding-edge slackware with automated package management. Now what's the appeal of slackware? In two words, simplicity and vanilla-ism. Arch and slackware are the ONLY two distributions that will give you simplicity and vanilla-ism.
With that said, I prefer slackware for servers, and arch for desktops.
Comment removed by account_deleted · 2012-01-17 07:10 · Score: 1

Comment removed based on user account deletion
Granularity by Deep+Esophagus · 2012-01-17 08:01 · Score: 1

I've tried maybe 15-20 distributions in the past 15 years, and finally settled on Arch. I like it for its minimalist base installation that lets ME choose the desktop environment without installing a bunch of crap I don't need; I also like its granularity that installs ONLY the packages I choose and their dependencies without a lot of additional crap I don't need.
So, you might say, use Linux From Scratch or Gentoo instead. I did! I used LFS for five years, but once I had learned enough from it in terms of what's going on under the hood, I got tired of always having to tweak compiler flags and build 800 dependencies in exactly the right order any time I wanted to upgrade. Likewise with Gentoo, I don't think I was ever even able to get a build environment it liked.
Arch is exactly the right balance. Somebody else went to the trouble of working out all the dependences and compile flag tweaks needed to build the binaries; I just have to download the binaries and I'm done. But I still have that fine control over exactly *what* packages get installed. When my desktop environment is a simple bare Fluxbox, I don't need the whole Gnome enchilada with gadgets and widgets and applets and I don't know what all else.
1. Re:Granularity by Raenex · 2012-01-18 07:32 · Score: 1
  
  Debian has granularity too. You don't need to install a desktop environment, but Debian provides a default install in case you want to. Debian has worked out all the dependencies for you, too, and provides binaries for many architectures. You can also easily build a package from source if you want to tweak it.
  Also, it provides different levels of dependencies, from required, to recommended, to suggested, and you can specify what the default is, as well as override the default when installing any package.
  It also has three levels of releases: stable, testing, and unstable, so you can choose your level of bleeding edge.
I love Arch, but... by fatalGlory · 2012-01-17 08:15 · Score: 1

vanilla doesn't suit everyone. I've used Fedora, Debian, Ubuntu and Arch (and several of their derivatives) full-time. From that experience I've learned two things:
* Arch is my favourite distro.
* My life is better when I use Ubuntu full time.
Arch has a simpler init, a better config structure, a better filesystem layout, a simpler packaging format that's easy to create build scripts for and amazingly good documentation. Also, all the points people make about AUR are valid, its marvellous. Much to love there. And that would be enough to outweigh the initial time investment of a day or two to get the system up and running how I want. But the vanilla packages are what kills the experience for me.
That's sort-of a sad realisation to come to, but it is a practical reality for many. It's not that I don't have the skills to maintain an Arch system well (I used to do sysadmin for Debian and CentOS systems), it's just that I don't have the time. Nowadays, I genuinely appreciate the Debian packaging philosophy where the package maintainers go out of their way to make sure the package is compatible and well-integrated with the rest of the distribution. With Arch, installing a new package also often requires me to spend half an hour or so configuring it or figuring out some little compatibility issue with another application. The pain is ongoing.
Rolling release doesn't help me either. I used to think it was a great idea. "Never need to reinstall again!", not like Ubuntu where I tend to reinstall every 6 months when there's a new release. However, in practice the releases give packagers some idea of the environment they are creating packages for and actually result in less time spent tinkering with the system.
Arch is a magnificent vision for what a distro could be, but it is geared a little too strongly to hobby purposes for my needs. I have work to do. Maybe Slackware would fill in the niche I've been describing, but it seems to be even less up-to-date than Debian stable.

--
Censorship is the opposite of education. If neo-darwinism were defensible, people would not need to try and censor ID.
May be a little off-topic... by IronHalik · 2012-01-17 08:39 · Score: 1

But I couldn't decide between Fedora and Ubuntu for long time. Always torn between Fedora's features and Ubuntu's support and software-base. And then I installed Arch and I seek no more.
The ultimate Linux distro for the semi-poweruser. Its more bleeding edge then Fedora, more solid/stable then Ubuntu (not Debian level, no sir, but close enough for desktop use), with AUR - giant software repositories (stuff Fedora didn't hear of, one click away... or command) and last, but not least, best community anywhere.
But be prepared to to spend your free weekend to set it, and polish, it up as it pretty much requires you to fit everything by hand, and then trim it to your liking.
signing packages is bad by Xtifr · 2012-01-17 08:52 · Score: 1

I thought most people had realized by now that signing packages is far from being a useful security feature, unless you have some way of revoking the signature on a package-by-package basis. What you want is a signature on the repo (preferably with an expiry date, so a malicious mirror can't just keep a vulnerable repo state around forever).
A package signature protects against trojans, but gives false credibility to official packages with vulnerabilities. A hostile mirror (possibly using a MITM attack) can simply keep a vulnerable package around indefinitely. A repo signature means that the vulnerable version of the package is tied to every other package in the repo, and the only way to keep the package around is to not update any packages, which is a whole lot more obvious than not updating just one package. See Attacks on Package Managers for details.
Basically, a repo signature offers all the security of a package signature and then some. If you want any sort of package security, you need repo signatures, and if you have repo signatures, package signatures offer no extra benefit.
1. Re:signing packages is bad by Anonymous Coward · 2012-01-17 09:45 · Score: 0
  
  The package signing works on a per-packager base. Every packager is required to sign his/her package and upload the signature to the repository. You as user must trust the packager (which pacman will ask for) to install a signed package.
2. Re:signing packages is bad by Anonymous Coward · 2012-01-17 17:19 · Score: 0
  
  Yeah, that's kinda what I was wondering about package signing. Is it really any more secure than not signing at all? Serious question. For instance, before I would update some package and accept whatever package the repo gave me. Is that package legit? Contain a virus/trojan/whatever? Who knows, I just install the fucker.
  Now I do the same thing, but after downloading it asks me if I trust "randomDude@lulz.ru" (the package signer) Well...do I? Who the fuck knows, who is this guy. I'm not going to go off and research every random email address to see if this guy is actually legit. So I basically just click "Yep" and install the package.
  How is this any different from before when there was no package signing.
3. Re:signing packages is bad by Xtifr · 2012-01-18 07:15 · Score: 1
  
  I understand how package signing works--I was a Debian developer for many years, and have also built a lot of RPMs.
  You obviously didn't read the paper I linked to. Having the uploader sign is good because it gives you accountability, but beyond that, per-package signatures are not only useless, but can actually be counter-productive! Because software has bugs! Which is why Debian doesn't attach the uploader's signature to the packages in its repo, even though it requires each upload to have one. That way, a buggy, insecure package does not have a signature offering a false sense of security. Read the paper.
Re:Now how about getting Linux users basic hygine by Anonymous Coward · 2012-01-17 09:55 · Score: 0

Gee willikers!! Looks like you need some SOAP in your mouth!
Que someone telling me not to feed the angry bear (which isn't feeding the troll who trolled another troll)... This is only gonna make him more angry isn't it.
Re:Now how about getting Linux users basic hygine by gmhowell · 2012-01-17 17:15 · Score: 1

Which is surprising because SOAP is a patent free industry standard.
Yes, but being public domain does not make it truly 'Free', therefore Stallman refuses to use it.

--
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Arch is AWSOME for dedicated MAME boxes by Anonymous Coward · 2012-01-17 20:59 · Score: 0

I use Arch for dedicated MAME boxes.
Lean, Clean, Fast and Up to date kernels.
Pacman is easy enough to use, And the Wiki is just brilliant.
(I'm a long time Redhat/Ubuntu user - And very impressed with Arch Linux)
I'm frankly disappointed by tehcyder · 2012-01-17 23:31 · Score: 1

There's not a single Pacman-the-game/Ms Pacman joke here.

--
To have a right to do a thing is not at all the same as to be right in doing it