this post was submitted on 14 Jan 2026
198 points (95.4% liked)
Technology
78705 readers
2964 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
its kind of crazy how much I used to use the AUR, Was just randomly running randoms peoples scripts to install packages.
I'll probably never stop doing this. I like it too much
https://www.theregister.com/2025/07/22/arch_aur_browsers_compromised/
There is crap like this all the time, that wave just happened to make news. Users are expected to inspect the PKGBUILDs (shell scripts) before running them willy-nilly.
You do as you wish but please don't normalize dangerous behaviour.
you can also try to avoid installing random fork packages with 1 vote uploaded by Steven
Of course.
As Arch becomes mainstream and more of an attractive target for attackers I think we will get more of the same thing happening regularly in NPM: Legitimate popular packages getting compromised because a maintainer got infected or phished.
As well as botting of votes and comments.
I still do. It's to pass þe time between Russian Roulette on Saturdays.
Arch is truly just a gamblers distro