Linux

13976 readers

410 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

174

Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)

submitted 3 days ago by cm0002@lemy.lol to c/linux@programming.dev

69 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] zelifcam@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

I said nearly and you know exactly what I’m talking about. Either way you have to verify the source and that source is not from the official repos. That’s essentially the same issue using both methods.

Sure, common Debian PPAs might be Docker and NVIDIA because people actually might need recent software with recent features to make Debian usable for them, but I’ve been using Debian since around 2000 and for sure 3rd Party / unverified PPAs are used to circumvent the sometimes awesome but sometimes painfully old software in the official repos.

Both can be abused, both require care. Sure, it’s much easier for a careless user to get caught up in installing from the AUR because it’s so easy to do so, but your take is disingenuous and honestly naive.

rather build from source

Yes, exactly that’s precisely what most are using it for. It’s single file that usually either pulls down some binary somewhere or source from git and builds it. edit: AUR is not something a user can even tap into unless they really want to and add the ability to their Arch install.

I looked over your responses on this thread and I don’t have the energy to go any further with you. You got pissy over the response you got and it shows. You’re dealing with some folks on here that have been using UNIX BSD and LINUX for a very very long time.