submitted 1 week ago by cm0002@lemy.lol to c/linux@programming.dev
[-] Solemarc@lemmy.world 15 points 1 week ago

Hilarious that it's JavaScript again, truly npm, pypi and cargo are obvious targets. Also, guys, minimise your usage of the AUR! I don't use any AUR packages.

Core > Extra > flathub >>>>>>>>>>>>> AUR

Not that core/extra/flathub can't be pwned but it's harder than the AUR.

[-] unglueclass23@programming.dev 2 points 1 week ago

I'm interested why flathub > AUR? I try to minimize AUR usage but always assumed it's better than flathub?

[-] KianaTabion@lemmy.today 7 points 1 week ago

Not the one you asked, but it's a case of priorities:

  • If you want it to just work, then the AUR is probably the better pick. Don't get me wrong, though; most flatpaks should (mostly) work like how you'd expect them to behave natively.
  • But, (Op)Sec-wise, the verified flatpaks win. No contest. Simply, because there's no third party involved in the process. (And I haven't even gone over flatpaks' superior sandboxing.)

[-] MonkderVierte@lemmy.zip 1 points 1 week ago

But mpv-git has some advantages... and edir, bat, rdo still not in the main repos.

[-] anyhow2503@lemmy.world 4 points 1 week ago

Minimizing AUR usage doesn't necessarily mean not using it at all, but I would weigh those advantages carefully against the risk it brings. I would also recommend the people who don't know what they are doing to not use it at all.

this post was submitted on 12 Jun 2026
238 points (100.0% liked)
