I appreciate the article explaining the AUR repository. I'm still a Linux noob and always thought AUR is the official repo for Arch-based distros.
I was learning too and I was trying to wrap my head around the security implications of the AUR. It's like, OK, don't run anything new without votes and comments, but you are still running random scripts. I suppose it's not much different from running an exe file, but in Windows you have antivirus. On Linux you are the antivirus, apparently.
Yeah, the debate on whether Linux would need an antivirus is a bit difficult. I feel like experienced Linux users forget that there is a huge amount of people between "I only need browser and LibreOffice" and "I can confidently review the source code and scripts of a package" that want to switch to Linux.
I know the first line of defence is you, the second is the Linux permission system, but the third is missing, to my limited knowledge.
My understanding is that ClamAV is for scanning Windows viruses on Linux, and I don't know about any other Linux virus scanning software. The userbase growing is bound to bring more Linux desktop targeted malicious software.
Worth mentioning that the packages that had malicious code were not the most downloaded.
It wouldn’t be much different than adding a Firefox Patch on an App Store and hoping people would download it instead of the official/most popular one. Same works for a browser extension.
Still an issue and all, but probably a much smaller impact than I initially thought when I started reading the article and panicking that I may have been affected.