I mean, yeah that would be my solution. I get that the AUR is attractive, precisely because it has a low barrier for anyone to submit their PKGBUILD. The level of oversight and verification is just a bit too low to recommend it to an average user, without a lot of caution. You’ve mentioned some alternatives that fall on different points along the spectrum of delivering software. Something like Flatpak is a much more reliable tool in the hands of someone who just wants a GUI app and not think about how it gets to their desktop. For everything else that isn’t part of your distro’s repositories, there’s really not a good noob-friendly solution that doesn’t carry a big potential risk. Most distros have third-party repositories that use the same underlying tools to deliver software, but are less strict about QA and stuff. This is kind of a bad fit for rolling release distros in my opinion and is probably one of the reasons the AUR is so hands-off and DIY oriented.
There’s probably a better way to handle this, but I don’t think it’s an easy thing to solve (especially for the rolling release model) and the AUR isn’t really appropriate for mass-consumption by average users. Also, there will always be a certain point beyond which you’re on your own, it’s just not feasible to have reliable, safe, distro-agnostic packaging for every piece of software out there.