- 25 days
As an user of the AUR, this is devastating news to me. I am also guilty of accepting updates without reading the latest changes, even if
yayasks me if I want to. This is a reminder to everyone to only install from the AUR for absolutely necessary stuff only, and only if you trust the maintainer. And to at least have a look if something suspicious is going in with the recent changes in the package recipe. AND to read in the communities and news.I don’t understand why there still no official announcement as a warning from the Archlinux team at https://archlinux.org/news/ . Is there a different place for security news specifically about the AUR to subscribe to? EDIT: https://archlinux.org/news/active-aur-malicious-packages-incident/ They did it, an official message.
- 24 days
The AUR is basically just a shortcut for downloading random shit off GitHub.
It gives un-experienced users a false sense of security.

