Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages (www.phoronix.com)

submitted 4 days ago by steam_lover@sh.itjust.works to c/archlinux@lemmy.ml

25 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] SenatorCollins@aussie.zone 2 points 4 days ago

Oh, very rigorous software engineering standards.

[-] A_norny_mousse@piefed.zip 3 points 4 days ago* (last edited 3 days ago)

That's not what the AUR does. They simply provide a platform for users to share build scripts. There isn't much they can do beyond trying to vet accounts based on flimsy metrics, or weeding things out every now and then.

The problem is that some people and even distros treat the AUR as a trusted source of software.

All user repositories (javascript, Python etc.) suffer from malware btw.; the AUR is different in that it explicitely puts the responsibility of building packages on the user.

...

~~I'm still missing some palpable information about these injections/malwares.~~
https://bbs.archlinux.org/viewtopic.php?id=313892

[-] SenatorCollins@aussie.zone 0 points 4 days ago

Absolutely ludicrous. These are very very strong packages.

this post was submitted on 13 Jun 2026

75 points (100.0% liked)

Arch Linux

9787 readers

15 users here now

The beloved lightweight distro

founded 6 years ago

MODERATORS

k_o_t@lemmy.ml