Running CachyOS has overall been great for me in the past year but the AUR supply chain attack (or whatever it was exactly) was a little unnerving.
The AUR is very user managed and orphaned packages can be picked up I guess to continue maintenance. Obviously, this can lead to some issues. It's one of the tradeoffs for a heavily user supplied repository of packages. You get a lot of good stuff quickly, but I personally will stick with Debian.
https://cybersecuritynews.com/arch-linux-aur-packages-compro...
I've been CachyOS curious, but AUR is exactly what's been keeping me using Fedora.
I hope official, vetted Arch repositories grow over time.
I was nervous about this too - but it's "just" the AUR. That means it's only unofficial packages, which we should always take great care when installing anyway.
How many packages are you using from AUR vs the official repos though? The official repos have almost everything I need.
Yeah I really enjoyed Cachy but the model of using the AUR to install third party applications just seems broken. I don't want to have to trust some random install script maintainer in addition to the 3p app developer. And sadly I don't have the time and attention to spare to review the AUR scripts of apps every time I update.
I switched to Kubuntu to keep KDE (which I really found I enjoyed from Cachy) while using a more stable and familiar Ubuntu base. It's not one of the "gaming" distros but I haven't noticed any major drawbacks with the games I play.