i long have been a fan of the aur and arch, but things like this make me consider debian again.
On Debian the equivalent to using the AUR would be adding 3rd party apt repositories or manually installing a .deb that you downloaded from some random site on the internet. That is just as vulnerable to the same kind of attack. If you stick to the official repos on Arch, you are just as safe as if you stick to the official repos on Debian.
One could even argue that arch is more secure by providing a central platform like aur, as that's what allows them to look for malicious packages now.
this post was submitted on 12 Jun 2026
20 points (100.0% liked)
Linux
5338 readers
1 users here now
Shit, just linux.
Use this community for anything related to linux for now, if it gets too huge maybe there will be some sort of meme/gaming/shitpost spinoff. Currently though… go nuts
founded 3 years ago
MODERATORS