116
Arch Linux Blocks New AUR Registrations Amid Malware Cleanup
(linuxiac.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 16 Jun 2026
116 points (98.3% liked)
Linux
13986 readers
691 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 3 years ago
MODERATORS
The entire philosophy of Arch is to put user in control. The PKGBUILD format is plain-text and reviewable. The documented best practice has always been to read the PKGBUILD and the .install files before building.
I'm not saying they shouldn't look into measures to make it less prone to such attacks, but "take it down" is a very stupid take. If people can't deal with the existence of AUR, there's plenty of different distros to choose already.
In control of installing malware?
I get what you mean, but people are stupid. There needs to be guardrails to prevent these things from happening. That's why the AUR is a bad idea and it should be shut down.
You want your software to be available for a distro? Go through the proper channels. Submit it for review and get it approved. If you stop maintaining it, they remove it. Plain and simple.
That's why you don't have this problem with other distros. Arch made it too easy to download and install unverified, untested, potentially malicious software through the AUR and now every idiot that thinks they know what they're doing are infecting their systems.
https://archlinux.org/about/
Versatile, sure.
But Arch is anything but simple. The proof is the number of Arch spinoffs that were made to make it easier to install and use.
And any distro cam for competent Linux users. I mean, Linus Torvalds uses Fedora. I don't think theres a more competent user than him.