20 points | by fortran77 9 hours ago ago
3 comments
Very misleading title. AUR "recipes" are NOT official Arch Linux packages. Basically anyone can upload stuff to the AUR. Users are expected to read and understand the AUR PKGBUILDs before trying to build them.
"Over 900 packages infected in a repository anyone can upload to, it just has to be compatible with Arch"
https://news.ycombinator.com/item?id=48500447
“AUR packages compromised with Infostealer and Rootkit” (ifin.network)
257 points | 15 hours ago | 189 comments
Very misleading title. AUR "recipes" are NOT official Arch Linux packages. Basically anyone can upload stuff to the AUR. Users are expected to read and understand the AUR PKGBUILDs before trying to build them.
"Over 900 packages infected in a repository anyone can upload to, it just has to be compatible with Arch"
https://news.ycombinator.com/item?id=48500447
“AUR packages compromised with Infostealer and Rootkit” (ifin.network)
257 points | 15 hours ago | 189 comments