Do you use the Open Build Service?

Hello,

I was watching a video on Youtube the other day where they were talking about the AUR in Arch, and whether you should use it or not if you care about security. And if you do want to use it, you should at least know how to read PKGBUILDs.

It got me thinking, what does everyone here think of the user repositories from the Open Build Service? Do you have anything installed from OBS or do you avoid it? I’m still new to OpenSUSE so I would love to know what you guys think.

Personally I only have one package from OBS, that being CoreCtrl. Everything else is either from the official repositories, Packman, or Flathub.

1 Like

@ingordin I have my $HOME with publishing disabled, so if you want a package, then you need to login/download :wink: to avoid the very issue…

If the package is of interest to you, not in Tumbleweed, just ask the $HOME user to look at maintaining and push to a development repository, then Factory… Or you can do it, then the $HOME user gets to decide via the Submit Process…

I do, just my own stuff…

3 Likes

Is this specific program safe to use (corectrl by Dead_Mozay) ?

I see this project available on official fedora repo. Can we add the fedora repo and use the package from there in tumbleweed without issues?

@Paru So I’ve been using CoreCtrl for years now and I’ve never had problems with it, but I always got it from the official repositories from which ever distro I was using in the past. Now with OpenSUSE though, I had to get it from a user’s repository (Dead_Mozay) so I don’t know if it’s “safe,” but so far, no problems on my end.

As for adding a Fedora repo, from what I read, packages made for Fedora can sometimes work on OpenSUSE, and sometimes they don’t. You could give it a try I guess, might work fine for you, but personally I would like to only use things made to work on OpenSUSE.

I’m actually surprised by all the negative posts towards the OBS I have read recently. I thought it was the go to for getting packages that are not part of the main repos.

I used a couple of user repos without issues over the last few years – Dead_Mozay being one of them – but currently I only use the paul4us repo for their Klassy package.

@Bird Security… :wink:

So if that package is important (remember they may not know, I don’t for my packages…) So ask the user if they will submit to a development repository and on to Factory…

@malcolmlewis Speaking of security, do you use flatpaks?

I’ll admit I don’t know a lot about how flatpaks work (especially when it comes to security), but from what I’ve heard, they seem like a good option for when the package you want is not in the official repositories.

@ingordin I do use flatpaks (as my user only) as well as flatseal for setting permissions/access. Mostly on my MicroOS/Hyprland setup…

Klassy tampered with something in zypper, I kept getting repo timeout errors and unsigned repomd messages.