this post was submitted on 12 Jun 2026
252 points (99.6% liked)

Technology

85355 readers
4450 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
252
400+ Arch Linux AUR Packages Compromised in a Supply Chain Attack Deploying Infostealers (cybersecuritynews.com)
submitted 20 hours ago by rafssunny@lemmy.zip to c/technology@lemmy.world
75 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Mwa@thelemmy.club 0 points 19 hours ago (1 children)

I wish Arch packages as much in their repos as Debian.

[–] caseyweederman@lemmy.ca 2 points 19 hours ago* (last edited 19 hours ago) (2 children)

I think there was a word missing.
To respond to what I think you were saying, this event happened in the Arch User Repository, and not the official repositories.
Arch is very clear that they are not responsible for what goes on in the AUR. For example on https://aur.archlinux.org/ :

DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.

The Debian equivalent would be somewhere between extrepo and PPAs.

[–] stealth_cookies@lemmy.ca 7 points 18 hours ago (2 children)

I think the comment makes sense, if more packages were supported on the main Arch repos there would be less of a need to use the AUR or Flatpaks.

There are definitely some big gaps on the Arch repos (web browsers in particular) that I would like to see improved.

[–] sonofearth@lemmy.world 1 points 1 hour ago

Yep an easy agree. Popular browsers like Zen, Helium and (god forbid) Brave should be directly in the official repos. So should be Jellyfin. It just makes sense given that debian repos have far more packages.

[–] caseyweederman@lemmy.ca 0 points 18 hours ago (1 children)

You're right, but web browsers can be pretty brutal to build and they are for sure never going to add -bin versions.

[–] stealth_cookies@lemmy.ca 2 points 7 hours ago

I don't understand this argument. Isn't it better to build once and distribute binaries than to make everyone compile it themselves? The vast majority of AUR packages I use are -bin versions.

[–] Mwa@thelemmy.club 1 points 19 hours ago* (last edited 18 hours ago)

maybe i went offtopic but i was comparing the AUR To Debian's repos, i see that Debian has more packages in its repos(things like Llama-CPP and Open arena is in debian but arch needs the AUR)
thats what i meant