Really should keep that PPA use to a minimum. They're potentially a source of not just instability but possible malware as you're putting a lot of trust in whoever maintains that resource.

Break your system and it's broken.

How unexpected!

OP hasn't used AUR much

nix flake update
nixos-rebuild --switch --flake .

# Just to keep an update history
git add flake.lock
git commit -m "update"

This may seem like too much work, but it guarantees an all-or-nothing procedure. If some package is broken, the entire upgrade process is canceled, and the system remains in the state that it was.

I have had a couple of partial upgrade cases on Arch. It was not fun live booting to repair it, every time this happened.

When I use Debian/Ubuntu, I prefer installing missing/outdated software from Nix package manager or Flatpaks.

This way, I can keep a stable core, while being able to enjoy all the latest versions of the apps that I need.

I find debian more stable than arch, especially when updating.

presses the big blue 'update' button in GNOME Software in Fedora

ujust update

I saw someone on ml point out that update should come before upgrade

Sauce

update pulls the metadata about your packages (to see if there are new versions, and which), while upgrade applies the patches.

I've never understood why the update part isn't included in the upgrade command, since upgrade is useless without it

Isn't that just topgrade

I'm honestly not sure. https://github.com/ublue-os/bazzite/blob/main/system_files/desktop/shared/usr/share/ublue-os/just/10-update.just

The bazzite motd says use ujust

You don't even have to use the aur are to have breaking changes. Most recently they changed how vlc was packaged. And broke it causing a lot of problems for users.

That's pretty rare. I ran arch for years and my only issues were from AUR or trying to update extremely out of date machines.

Especially because there is no way to limit the packages installed from a PPA AFAIK. If the PPA has a "new" version of NGINX, or of libc, or of Wayland - you get it, too!!!

Absolutely. Ideally you should have zero PPAs. There’s definitely a cost for using this feature. Most commonly it comes in the form of instability when you end up with incompatible or broken packages because the maintainer wasn’t playing an active enough role. YMMV!

I've run arch for years as well. It happens nearly yearly. I've had updates break completely several times. Partial updates. That required significant manual intervention. Etc Etc Etc. Meanwhile my Debian and fedora systems haven't had a hitch in years.

You can set packages from a particular repo to a lower priority so that they are only installed when you expressly ask for them

How does one do that, Wise Zorro?