Thanks. But I'm not meaning disappealing, I just felt uncomfortable when I see the packages from the AUR can't be updated by the pacman and I don' feel like using yaourt... Probably it's my obsessive compulsive disorder overtaking me. I'm looking forward to build a local repos for all my installed AUR packages so that they can upgraded by pacman -Syu. Though I'm probably still new to Arch, I used Fedora beforehand and I AM CLEARLY know the importance of a well-maintained configuration. And of course I am familiar - not daring to say mastering - with how SELinux works. If I said something wrong, then I apologize. And as I mentioned, I'm not intended to blame anyone of cause a fight, I'm just trying to discuss it's potiential to move it to the official repos. Now that I have read the formal posts, and I think I've already have a clear image of 'why'. Sorry to make you feel uncomfortable by my words. I'm from a non-English country and I'm not good at expressing. RW On Mar 2, 2017, at 12:16 AM, Martin Kühne via arch-general <arch-general@xxxxxxxxxxxxx> wrote: > On Wed, Mar 1, 2017 at 4:51 PM, Robert Wong via arch-general > <arch-general@xxxxxxxxxxxxx> wrote: >> Coming up: >> ...and detailed set up process on the Wiki, why can't those packages magically be maintained at the official repos? Since the upgrade experience of AUR packages are trully awkward... And I don't consider it safe to replace most of the critical packages with AUR packages... > > Wow. Interesting how the idea of a binary produced on your own machine > appeals less to you than a binary package delivered to you from > somewhere. Of course the arch repos aren't anywhere, but the way you > put it it would appear you don't feel up to the job of maintaining a > local build of security infrastructure of the kernel. > > To take away the result of a big part of discussions about security > infrastructure, apparently, nobody appears to deem the job of > maintaining and configuring security infrastructure for the official > repository worth their time, which I think is at least part of the > reason it's not there. I am probably oversimplifying the matter here, > this is just to get you thinking. > > If you want to run a secure setup, how about you throw away all > software you don't trust personally and are capable of reading its > source code. It's an interesting experiment and likely helps you find > the priorities to learn what matters about the software you run. Also > note that security infrastructure does not replace well-tuned > configuration, since it's apparently easier to misconfigure SELinux > than it is to use a good key cypher and deactivating password-based > logins on your SSH servers. > > cheers! > mar77i >
