15 daysSo 0.28% of the 140’000 packages?
Seems like not that much.
How many malicious packages are on Googles Play Store?
I agree that that isn’t a lot of packages but it matters more which packages were compromised. Some random package like ten people have installed? Who cares. yay or spotify? We might have some problems.
Edit: after looking at the list some look fairly concerning. I’d definitely be doing a diff on my packages and the list of the compromised packages if i used Arch, btw.
- 15 days
Oofta, like this is so vexing…Shows that Linux is getting a bit too much attention these days. I don’t use the AUR specifically, just Chaotic-AUR and Extra, still ran that Fish script on Garuda Linux in case something snuck into my PC. The PC is clean as a whistle, thankfully. Malicious actors can get fucked for all the grief they cause and ruining of the good times of Linux enjoyers!
- magnue@lemmy.worldEnglish15 days
If this was 10 years ago I’d change my profile picture on Facebook to mark myself safe from the AUR malware.
For those who only have a few AUR packages installed, if you looked at the list and are still concerned, you can view the changelog at
https://aur.archlinux.org/cgit/aur.git/log/?h=yourpackagenamehere. If it was secretly malicious but got missed, you’d see it there.- bluesquid0741b@aussie.zoneEnglish15 days
Every time I’ve had an arch distro (not often as I prefer to avoid them) and go to install from the AUR, I get to the point of checking the PKGBUILD and think “oh yeah, forgot about this” and just abort.
- HaraldvonBlauzahn@feddit.orgEnglish14 days
For people that just want to install packages that are not included in the Arch distro, and don’t have the knowledge or time to review PKGBUILD files:
Have a look into the Guix package manager. It works fine on top of Arch, and Guix has 31,000 packages now. Great for cross-language development and also suitable for early sharing of projects. npm support is a bit weak though, but packages written in Python, Rust, or functional languages are well represented.
