116
Arch Linux Blocks New AUR Registrations Amid Malware Cleanup
(linuxiac.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 16 Jun 2026
116 points (98.3% liked)
Linux
13986 readers
691 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 3 years ago
MODERATORS
No, it's actual reality. There are more than a hundred thousand packages in the AUR. There are explicit warnings that these are user content and should be used with care.
And now a miniscule percentage (~1%) of orphaned packages, so those with very little interest in, are taken over by some malicious actors to spread malware.
And people suddenly pretend like this is a catastrophe for Linux (no one cares) and for Arch and it's derivates (who don't operate the AUR be definition and explicitly warn against using it without caution). If I told you that not 1, but 10% of the most obscure software packages you can download and install on Windows are pure malware, you wouldn't even blink an eye. And yet all the morons now come crawling from their caves flooding everything with memes and bullshit of "haha, now we know you lied to us and Linux isn't secure at all!".
I think we should be proud. Linux is finally large enough to at least sort of get "hit" by a malware campaign, and it demonstrates the ease with which thousands of infected packages can be cleaned, because they are centralized to a few repositories. M$'s only bet would be to update Defenders' index and cross fingers that the signature doesn't change.
Windows malware is always way out of control of M$, while that's also the norm of uninfected programs.
Almost all Linux programs are by design installed from a central repo.