this post was submitted on 15 Jun 2026
Linux
It's an easy way to get packages distributed across Arch. It's especially useful for new software because getting approved for mainline Arch repos is a pain.
The issue is the fact that it was created before widespread adoption of Arch and thus security is a bit lackluster.
When you use it, the first thing you'll see is "read all the PKGBUILDs before installing!!!" written all over the place, PKGBUILD being the bash script that gets the package into your system. And when Arch was that scary and unapproachable distro used by the nerdiest of nerds, everybody did exactly that and it wasn't an issue.
Nowadays a lot of people who are a bit less than conscious about their decisions hop on Arch and use stuff like AUR without thinking about what exactly they are doing. The results are all over the news outlets.
Maybe it'll lead to AUR creating stricter policies for maintainers. Sad, but I doubt it can exist in its current state otherwise.
I would bet even careful Arch users don't sift through every repo they have installed during every system update to make sure nobody tinkered with an older one today. Some may have written elaborate scripts that warn them when, for example, the owner of a package changed, but that's probably less than 1% of even just older Arch users. If it even exists at all.
I don't think this is just a growing skill issue. I suspect the main reason this seems to happen more frequently is mere popularity. More popular means there's more to gain for bad actors.
Not sure, I read all the diffs when I was using Arch. It's scary otherwise. I also put effort into minimizing the number of AUR packages I use, though.
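The "warn me when the owner changed" script from the earlier comment and the habit of reading PKGBUILD diffs before building can be partly automated. The following is an added example, not code from this thread or from the AUR project: it compares two snapshots of a PKGBUILD (the constructed `OLD_PKGBUILD` and `NEW_PKGBUILD` below are made up, not a real package) without sourcing the script, and flags a changed Maintainer line, download hosts that did not appear before, and `SKIP` checksums.

```python
import re
from urllib.parse import urlparse

# Constructed sample snapshots of one PKGBUILD (not a real AUR package).
OLD_PKGBUILD = """\
# Maintainer: Alice Example <alice@example.org>
pkgname=examplepkg
pkgver=1.2.0
pkgrel=1
source=("https://example.org/releases/examplepkg-1.2.0.tar.gz")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000')
"""

NEW_PKGBUILD = """\
# Maintainer: Mallory Example <mallory@example.net>
pkgname=examplepkg
pkgver=1.2.0
pkgrel=2
source=("https://example.org/releases/examplepkg-1.2.0.tar.gz"
        "https://paste.example.net/raw/setup.sh")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP')
"""

# Text-only extraction: we never execute the PKGBUILD, which is the whole point.
# Limitation: bash variable expansion like ${pkgver} inside URLs is not resolved.
ARRAY_RE = re.compile(r'^(\w+)=\((.*?)\)', re.S | re.M)
MAINT_RE = re.compile(r'^#\s*Maintainer:\s*(.+)$', re.M)
QUOTED_RE = re.compile(r'["\']([^"\']*)["\']')

def parse_fields(text):
    """Return the maintainer line and every quoted bash array (source=, sha256sums=, ...)."""
    fields = {}
    m = MAINT_RE.search(text)
    fields['maintainer'] = m.group(1).strip() if m else None
    for name, body in ARRAY_RE.findall(text):
        fields[name] = QUOTED_RE.findall(body)
    return fields

def review(old, new):
    """Warnings a human should read before running makepkg on the new revision."""
    o, n = parse_fields(old), parse_fields(new)
    warnings = []
    if o['maintainer'] != n['maintainer']:
        warnings.append(f"maintainer changed: {o['maintainer']} -> {n['maintainer']}")
    old_hosts = {urlparse(u).hostname for u in o.get('source', []) if '://' in u}
    for u in n.get('source', []):
        if '://' in u and urlparse(u).hostname not in old_hosts:
            warnings.append(f"new download host: {u}")
    if 'SKIP' in n.get('sha256sums', []):
        warnings.append("checksum SKIP: a source is not integrity-checked")
    return warnings
```

In practice the two snapshots would be the previously built revision and a fresh `git pull` of the AUR repo, and an empty list from `review()` still means the diff deserves a read, only a shorter one.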
But it getting more popular, of course, also plays a role, but I'd argue it's the same thing. There are only so many nerds out there; for it to get more popular it has to reach a broader audience.