And the AUR is largely possible because of pacman. Debian and RPM packages are very complex, and take a lot of effort to build, so even if there was a large collection of package source files available, downloading and building them is not an especially efficient solution for getting fresh software.<p>Whereas pacman packages are simple enough that an arbitrary package can be built using a single (admittedly quite large) shell script from another single source file.
How robust is Arch? I am tempted to move from Ubuntu for the packaging system but I had bad experiences with Gentoo several years ago which makes me place a high value on keeping a working system without much maintenance or troubleshooting.
AUR is part of the problem that Debian Linux seeks to solve. AUR gets you 32,000 packages with uncertain quality and provenance. It's about two steps from downloading a zip file of binaries off the internet.<p>Debian has 29,000 packages that conform to a set of policies, with careful change control and vetted, active maintainers for each one.
How are things going regarding signing of packages to prevent man-in-the-middle attacks? Looking forward to give arch a closer try, but this is still a big showstopper because I would like to sync while I'm on e.g. an open airport network without the man-in-the-middle security hole.
> For example, if I try Node.js, I do not want the version of last year, but the latest.<p><a href="http://aur.archlinux.org/packages.php?O=0&K=nodejs&do_Search=Go" rel="nofollow">http://aur.archlinux.org/packages.php?O=0&K=nodejs&d...</a><p>That is not a very impressive list.