445
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 19 Jun 2026
445 points (100.0% liked)
Technology
85574 readers
3000 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
The Windows equivalent of this would basically be the discovery that a bunch of apps on the Microsoft Store were infected with malware.
This really sucks for people that migrated to Linux without becoming Linux experts, and chose a friendly distro based on Arch that came with the AUR, like the often-recommended CachyOS.
The packages on the AUR are all user created. It's not really comparable to the Microsoft Store.
Is the Microsoft Store not full of apps not created by Microsoft?
It's apps approved by Microsoft. They only made a small fraction of them.
And the AUR is not currently accepting registrations, so some degree of vetting is clearly happening in both cases. I don't know how stringent for either.
This wasn't supposed to be a perfect one to one comparison, just an interesting sidenote lol
AUR is not the official repository. Its more like downloading a virus from Mlcrosoft.com.
The AUR is hosted on https://aur.archlinux.org/.
Just like how Microsoft hosts the Microsoft Store.
You mean like this?
https://www.howtogeek.com/788382/beware-of-malware-in-windows-apps-on-the-microsoft-store/
If it was the actual apps and not just look-alikes, yes.
There is a reason why the arch community had such a bad reputation when it came to newcomers, they were gate keeping good technical knowledge of the system. It had the side effect that most people became royal dicks on the forums and stopped being helpful, but it did have what I would consider the intended effect of people being wary of everything they did on their system.
I find the easy arch distros to be fairly interesting since my recommendation has always been that anyone who wants to daily drive an arch distro should install arch through command line at least once and read about the packages they use. I personally run endeavor os, but I started by doing the leg work, which led me to the conclusion that I prefer flatpaks over aur if it is available because they are far more easier to maintain good security practices on.
I think that's a silly thing to say given that the arch wiki is the most comprehensive source of up to date technical Linux knowledge available to everybody. If you mean support for people on the distro itself, it does explicitly market itself to people who are already knowledgeable and willing to be their own support, so idk what you'd expect
CachyOS is completely 100% unaffected UNLESS people chose to install applications from the AUR.