- 19 days
At least some level of human review is going to be needed.
So… completely negating the point of a User Repository??? Introduce some kind of authoritative oversight, and it’s essentially just another regular repository, erasing all the benefits of the AUR. The whole point of the distro slapping a huge disclaimer of “DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.” at the top of the homepage is because these kind of compromises are the trade-off one makes
- 19 days
I use arch btw, it’s only effecting the arch user repository, which lives separately from the maintained repositories, it’s not even possible to download stuff from there with pacman. Really it’s just a community space, I also have packages there. You can download pre-packaged apps, so if you install them, you will be able to remove them with pacman. I think it’s a great concept.
it’s like a forum where some jerk writes “use ‘sudo rm -rf /’ to speed up the computer”. Except you don’t have to read it to execute their plan.
Flathub is also concerning btw. But at least those apps are containers (with too much permissions)
- 20 days
TLDR: Open package repositories without some approval and oversight system, like AUR, will have even more problems in the future due to advanced coding AI and malicious
foreignhackers.Edit: Please normalize TLDR’s on bot posts with just a link.
Edit 2: I have been rightfully informed that this is not a bot post. I still think links should not be posted without a tiny abstract, one might say: a TLDR.
I have also been informed that the text does not spell out “foreign”. This is correct. The text does say
Not all of the packaging issues are as bad as the initial wave of trying to steal credentials, some are just adding ridiculous messages in Russian.
This implies but does not establish the nationality of attackers. While Arch has contributors from all over the world, it is commonly cited as being a Canadian distribution (example, see below). https://distrowatch.com/table-mobile.php?distribution=arch
I remember the good ole days when nobody cared enough about Linux to spread malware to it. Sigh. All these techbros that need to j their d to their power trips, dystopian surveillance, and shitty AI companies have probably started this. I even noticed a Linux hate sub on Lemmy. Imagine there being enough people forced to use Linux to create a hate community where they favor Microslop. Such strange times we live in.



