Linux

13973 readers

532 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

237

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 2 days ago by cm0002@lemy.lol to c/linux@programming.dev

71 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] excel@lemming.megumin.org 17 points 2 days ago (1 children)

The way to prevent it is to get more stuff into the official repos so people aren’t forced to rely on AUR in the first place.

[–] 1984@lemmy.today 1 points 1 day ago* (last edited 1 day ago) (1 children)

It depends. There are trusted well known packages and those can be trusted in my opinion. But I wouldn't install any random package someone made.

And how would moving the packages into official repo solve anything? The reason it's in the AUR is because the arch maintainers don't have time to maintain packages.

[–] bitfucker@programming.dev 1 points 43 minutes ago

But the orphaned packages in the official repo can't be adopted by just about anyone