Thanks. But I'm not meaning disappealing, I just felt uncomfortable when I see the packages from the AUR can't be updated by the pacman and I don' feel like using yaourt... Probably it's my obsessive compulsive disorder overtaking me. I'm looking forward to build a local repos for all my installed AUR packages so that they can upgraded by pacman -Syu. Though I'm probably still new to Arch, I used Fedora beforehand and I AM CLEARLY know the importance of a well-maintained configuration. And of course I am familiar - not daring to say mastering - with how SELinux works. If I said something wrong, then I apologize. And as I mentioned, I'm not intended to blame anyone of cause a fight, I'm just trying to discuss it's potiential to move it to the official repos. Now that I have read the formal posts, and I think I've already have a clear image of 'why'. Sorry to make you feel uncomfortable by my words. I'm from a non-English country and I'm not good at expressing. RW On Mar 2, 2017, at 12:16 AM, Martin Kühne via arch-general <arch-general@archlinux.org> wrote:
On Wed, Mar 1, 2017 at 4:51 PM, Robert Wong via arch-general <arch-general@archlinux.org> wrote:
Coming up: ...and detailed set up process on the Wiki, why can't those packages magically be maintained at the official repos? Since the upgrade experience of AUR packages are trully awkward... And I don't consider it safe to replace most of the critical packages with AUR packages...
Wow. Interesting how the idea of a binary produced on your own machine appeals less to you than a binary package delivered to you from somewhere. Of course the arch repos aren't anywhere, but the way you put it it would appear you don't feel up to the job of maintaining a local build of security infrastructure of the kernel.
To take away the result of a big part of discussions about security infrastructure, apparently, nobody appears to deem the job of maintaining and configuring security infrastructure for the official repository worth their time, which I think is at least part of the reason it's not there. I am probably oversimplifying the matter here, this is just to get you thinking.
If you want to run a secure setup, how about you throw away all software you don't trust personally and are capable of reading its source code. It's an interesting experiment and likely helps you find the priorities to learn what matters about the software you run. Also note that security infrastructure does not replace well-tuned configuration, since it's apparently easier to misconfigure SELinux than it is to use a good key cypher and deactivating password-based logins on your SSH servers.
cheers! mar77i