this post was submitted on 12 Jun 2026
238 points (99.6% liked)

Linux

13973 readers
628 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
238
Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)
submitted 2 days ago by cm0002@lemy.lol to c/linux@programming.dev
71 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] victorz@lemmy.world 9 points 2 days ago

Paru shows you the diffs by default.

I just run paru when I do system upgrades. Very convenient to have one command doing everything in a somewhat safe way.

Of course, inspecting the PKGBUILDs still doesn't protect us from having the actual software repositories compromised. Just because only the source hash changed doesn't mean the software doesn't have malware now.

That's where I draw the line regarding trust. I don't feel like going into to each release of each AUR package I have installed to check code to see if malware was injected. ๐Ÿ˜