this post was submitted on 13 Jun 2026
123 points (100.0% liked)

Technology

[–] Buffalox@lemmy.world 41 points 10 hours ago (4 children)

I've seen AUR warned against often, also by Arch team members.
I never thought it was a huge deal, but apparently anything that can be attacked will be attacked nowadays.

[–] PumpkinEscobar@lemmy.world 3 points 5 hours ago (2 children)

I start to wonder if we need something sitting between extra and AUR, a few more trusted maintainers and a well-secured update process that’s more than the AUR Wild West

Also, some sort of yay hook to do some scanning for suspicious diffs and warning or skipping those packages…

I don’t want / need a system where I can blindly update everything, but something to help me avoid having to visually check every package diff would be nice

[–] turkalino@sh.itjust.works 1 points 4 hours ago

I feel like this could be a use for LLMs that isn’t slop. It’s not going to catch everything of course but I imagine it would be a whole lot better than nothing

[–] Buffalox@lemmy.world 2 points 5 hours ago

Yes that would be nice, but I'm not sure that is possible.

[–] Holytimes@sh.itjust.works 10 points 8 hours ago (1 children)

This is what happens when a shitload of packages that just sit around basically unmaintained are allowed to sit around.

[–] Buffalox@lemmy.world 1 points 4 hours ago

Maybe injecting the infections made it look like they were maintained? 😋

[–] cattywampus@lemmy.world 2 points 8 hours ago

Yeah if your machine can be added to a botnet then it will be. Resistance is futile, we are Borg style.