
From: https://help.ubuntu.com/community/PPA "Security

PPAs have not undergone the same process of validation as regular ubuntu packages. End users install PPAs at their own risk. Although each key is cryptographically signed, in order to confirm an uploader, keys are not matched to specific individuals, except via their "launchpad" accounts.

Subsequently, installing a PPA should be considered to be a low-security alternative as compared to the main repository, but marginally higher security than simply installing software at random from the internet. As part of adding a PPA, you trust the developer to not only install packages, but also to allow them to provide ongoing updates."

This pretty much sums it all up. It's not a matter of hostility towards PPAs or of trying to keep things oldskool. With all the effort towards signed, verified packages, reproducible builds etc., adding functionality like PPAs is for me nothing more than installing "shareware" Windows apps from random sites. Building packages yourself is not that hard, especially with fpm or checkinstall.




You might gain some trust in a team which maintains a particular PPA. You import their key manually, and the key is not auto-updated or anything.

Installing shareware Windows apps from "random sites" seems riskier: they're not signed by a single uploader's key that you import just once.


You're right. I've trolled a little. But still, this brings security issues with it.
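The point made above about importing the uploader's key once, manually, is the one place in this flow where a user can actually check something. The following is an added example, not code from the thread or from Ubuntu's documentation: it fetches the PPA's signing key into a throwaway keyring, refuses to install it unless its fingerprint matches the one Launchpad publishes on the PPA page, and scopes the key to that one repository with `signed-by` (the replacement for the deprecated `apt-key add`, which would have trusted the key for every source). The PPA owner and name, the release codename and the expected fingerprint are placeholders you supply; the hkps keyserver URL and the ppa.launchpadcontent.net host are the ones Launchpad uses, and /etc/apt/keyrings is assumed to be the keyring directory.

```shell
#!/bin/sh
# Added example, not code from the thread or from Ubuntu: install a PPA's
# signing key only after checking its fingerprint, and scope it to that PPA.
# Assumptions (not from the page): OWNER/NAME of the PPA, the Ubuntu codename,
# and the expected fingerprint, copied from the "Signing key" line on the PPA's
# Launchpad page rather than from the key you download.
set -eu

# Normalise a fingerprint so "abcd 1234 ..." and "ABCD1234..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Succeed only if two fingerprints name the same key after normalisation.
fpr_matches() {
    [ "$(normalize_fpr "$1")" = "$(normalize_fpr "$2")" ]
}

# List the fingerprints gpg reports for the keys held in a keyring.
keyring_fprs() {
    gpg --homedir "$1" --no-default-keyring --keyring "$2" \
        --with-colons --with-fingerprint --list-keys 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10 }'
}

# Render the apt source line. signed-by limits this key to this one repository,
# so even a compromised PPA key cannot vouch for packages from the main archive.
sources_line() {
    owner=$1 name=$2 codename=$3 keyring=$4
    printf 'deb [signed-by=%s] https://ppa.launchpadcontent.net/%s/%s/ubuntu %s main\n' \
        "$keyring" "$owner" "$name" "$codename"
}

# add_ppa OWNER NAME CODENAME EXPECTED_FINGERPRINT   (run as root)
add_ppa() {
    owner=$1 name=$2 codename=$3 expected=$(normalize_fpr "$4")
    tmpdir=$(mktemp -d)
    tmpring=$tmpdir/ppa.gpg
    # Fetch by full fingerprint into a throwaway homedir and keyring, so nothing
    # touches your personal keyring before the key has been checked.
    gpg --homedir "$tmpdir" --no-default-keyring --keyring "$tmpring" \
        --keyserver hkps://keyserver.ubuntu.com --recv-keys "$expected"
    if ! keyring_fprs "$tmpdir" "$tmpring" | grep -qx "$expected"; then
        echo "refusing $owner/$name: downloaded key does not match $expected" >&2
        rm -rf "$tmpdir"
        return 1
    fi
    dest=/etc/apt/keyrings/ppa-$owner-$name.gpg
    install -d -m 0755 /etc/apt/keyrings
    # Export in binary form; apt reads it only from the signed-by path.
    gpg --homedir "$tmpdir" --no-default-keyring --keyring "$tmpring" --export > "$dest"
    chmod 0644 "$dest"
    rm -rf "$tmpdir"
    sources_line "$owner" "$name" "$codename" "$dest" \
        > "/etc/apt/sources.list.d/ppa-$owner-$name.list"
    apt-get update
}
```

Call it as root, e.g. `add_ppa someowner someppa jammy 'FINGERPRINT FROM THE LAUNCHPAD PAGE'`. The fingerprint has to come from the Launchpad page and not from the keyserver response, otherwise the check is circular. Because the key lives in its own keyring referenced only by `signed-by`, apt will not accept that key's signature on a Release file from any other source, which is the part `apt-key add` got wrong.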



