Do One Thing Well: Each program should focus on a single task and perform it effectively.

At the moment im not hosting a music server, but used to use Navidrome, it worked fine and used a small footprint.

Having all in one it’s more issues to solve, if something breaks, everything breaks.
Having all on Jellyfin is more convenient.

But adding hundreds or thousands of songs along with movies and episodes will create a huge database, more resources used, slower searches

2026 the year of desktop Linux

Arch also warns uses about AUR, use at at your own risk, and can break your system.

My approach isn’t definitely not the best solution, I was saying this is only the beginning, and with other arch based distros also using AUR only gets worse, if there’s any moderation and some kind of package control before publishing then when thins get real bad maybe too late and arch starts loosing users.

Now is just some packages, later could be some popular package take overs or some kinda spoofing of other packages.

I use arch BTW (since 2011), and Debian Armbian on Raspberry Pi, one is rock solid the other sometimes break with updates

That’s why you shouldn’t blindly trust AUR, and always review the scripts before installing.

But something needs to change:

• packages need to be reviewed (maybe also updates on new/untrusted users)
• New package adoption need to be reviewed
• Trusted users don’t need package review
• Trusted users can review new packages (from other users)

This won’t stop here, more malware packages will appear, arch and Linux in general is getting more users and becoming a target, not only ArchLinux AUR but also other distros with custom repositories. Many users install packages from custom repositories blindly, or follow guides without any knowledge what they do.

2025 is the year of malware on Linux