AUR doesn't guarantee security, its upto the user to use AUR & verify before installing anything, its very evident why arch is not used in enterprise solutions.
AUR doesn't guarantee security, its upto the user to use AUR & verify before installing anything, its very evident why arch is not used in enterprise solutions.
It's not the AUR. It's the rolling release cycle, and probably even more importantly, lack of support options.
The AUR has absolutely nothing to do with the rolling release cycle
yes & comment didn't mention that both are dependent, fooqux is correct.
He literally said "It's the rolling release cycle" he is not correct
You're reading it wrong. He's giving an alternative reason why it's not used in enterprise.
Agree
Arch is not used in enterprise solutions because of the AUR? Can't you just not use it?
AUR is choice, rolling release is the reason
No, it's not. If Debian had a community-maintained repo of additional packages, the same thing could happen there.
The fundamental problem is having something that has very loose oversight and next to no controls. That may have worked in the past, but in the day and age of constant supply chain attacks, it's a major liability.
GP was talking about why Arch isn't used in enterprise, not what happened in the post.
Rolling release has nothing to do with this. It could just as well be a PPA in ubuntu or any deb repo for debian or similar.
Makes sense.