this post was submitted on 13 Jun 2026
255 points (99.2% liked)

Technology

85420 readers
6332 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
255
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages (www.phoronix.com)
submitted 1 day ago by rafssunny@lemmy.zip to c/technology@lemmy.world
59 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Buffalox@lemmy.world 65 points 1 day ago (4 children)

I've seen AUR warned against often, also by Arch team members.
I never thought it was a huge deal, but apparently anything that can be attacked will be attacked nowadays.

[–] Holytimes@sh.itjust.works 18 points 1 day ago (1 children)

This is what happens when a shit load of packages that just sit around basically unmaintained are allowed to sit around.

[–] Buffalox@lemmy.world 3 points 1 day ago

Maybe injecting the infections made it look like they were maintained? 😋

[–] PumpkinEscobar@lemmy.world 9 points 1 day ago (2 children)

I start to wonder if we need something sitting between extra and aur, few more trusted maintainers and well secured update process that’s more than the aur Wild West

Also, some sort of yay hook to do some scanning for suspicious diffs and warning or skipping those packages…

I don’t want / need a system where I can blindly update everything, but something to help me avoid having to visually check every package diff would be nice

[–] Buffalox@lemmy.world 4 points 1 day ago (1 children)

Yes that would be nice, but I'm not sure that is possible.

[–] Cethin@lemmy.zip 2 points 17 hours ago

Their first option is possible for sure. Just something like the AUR, but that you need a proven record (either on the AUR or on something else) to post. That shouldn't be too hard.

[–] turkalino@sh.itjust.works 3 points 1 day ago

I feel like this could be a use for LLMs that isn’t slop. It’s not going to catch everything of course but I imagine it would be a whole lot better than nothing

[–] cattywampus@lemmy.world 3 points 1 day ago

Yeah if your machine can be added to a botnet then it will be. Resistance is futile, we are Borg style.