this post was submitted on 14 Jun 2026
129 points (98.5% liked)

Linux

Meshuggah333@piefed.world 37 points 1 week ago* (last edited 1 week ago)

The question here is why the f' didn't they shut down the AUR package takeover procedure? It makes no sense facing an attack of such a large scale.

caseyweederman@lemmy.ca 4 points 1 week ago

It's the USER repositories. If you go, right now, to aur.archlinux.org, the very first section on the page after the header says

DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.

That's always been there and every official messaging I've ever seen about the AUR has conformed. Read the changelogs because everything in the AUR is just a shell script some stranger wrote.

excel@lemming.megumin.org 2 points 1 week ago

Why should they? AUR is still working as intended. It’s basically a public wiki of shell scripts; it was never intended to be secure in the first place. It has always been the user’s responsibility to review everything or avoid using it.