this post was submitted on 12 Jun 2026

238 points (99.6% liked)

Linux

13976 readers

775 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

238

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 3 days ago by cm0002@lemy.lol to c/linux@programming.dev

71 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] 1984@lemmy.today 1 points 2 days ago* (last edited 2 days ago) (1 children)

It depends. There are trusted well known packages and those can be trusted in my opinion. But I wouldn't install any random package someone made.

And how would moving the packages into official repo solve anything? The reason it's in the AUR is because the arch maintainers don't have time to maintain packages.

[–] bitfucker@programming.dev 0 points 19 hours ago

But the orphaned packages in the official repo can't be adopted by just about anyone