I feel like these headlines are designed to be way scarier than the scenarios actually are to people that don’t know much about Arch Linux.
I think it’s a good thing to frighten users just a little bit. Arch is no longer a niche distro and it was only a matter of time before someone took advantage of the generally unvetted AUR. It’s a wake-up call that the times of good faith are gone and you need to pay attention.
Just tell them to read the arch wiki page on AUR and take it seriously, IMO
deleted by creator
It is a well known risk but not something that was a real risk numerically. I mean, it still isn’t given the number of packages in the AUR.
This is a couple of malicious packages discovered in a short period though. Not a good sign. It was really impact the AUR if polluting it with malware became common.
You should always inspect AUR packages before installing them but few people do. Many would not even know what they were looking at.
deleted by creator
God I hate those. The worst way to distribute apps.
deleted by creator
