Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware

Some_Emo_Chick@lemmy.world · 2 days ago

Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware

Sarothazrom@lemmy.world · 1 day ago

does a linux mint-using idiot need to worry about this, hypothetically speaking?

Some_Emo_Chick@lemmy.world · 15 hours ago

Generally not. The AUR stands for Archlinux User Repository. It’s their repo. Unless added as a source manually, you will never see a package from it.

Sarothazrom@lemmy.world · 14 hours ago

thank you!

Syltti@lemmy.world · 1 day ago

This pertains to Arch’s AUR (Arch User Repository). On Mint, nothing you do will interact with the AUR, so you’re perfectly fine.

Sarothazrom@lemmy.world · 14 hours ago

thank you!

mal3oon@lemmy.world · 2 days ago

Currently you can use https://github.com/lenucksi/aur-malware-check to do a check if you’re infected. My main server was safe, still haven’t tested on my wayland machine though, I went yolo with that one. No important keys at least are there.

badgermurphy@lemmy.world · 2 days ago

These guys are slacking! Didn’t they read the RFC for this?

https://www.rfc-editor.org/info/rfc3514/ https://en.m.wikipedia.org/wiki/Evil_bit

Amateurs!

just_another_person@lemmy.world · 2 days ago

They should have some sort of static code scanners on the repos at rest at this point that look for certain patterns and issue warnings.