255
Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Affected Packages
(www.phoronix.com)
this post was submitted on 13 Jun 2026
255 points (99.2% liked)
Technology
85420 readers
6332 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I start to wonder if we need something sitting between extra and aur, few more trusted maintainers and well secured update process that’s more than the aur Wild West
Also, some sort of yay hook to do some scanning for suspicious diffs and warning or skipping those packages…
I don’t want / need a system where I can blindly update everything, but something to help me avoid having to visually check every package diff would be nice
Yes that would be nice, but I'm not sure that is possible.
Their first option is possible for sure. Just something like the AUR, but that you need a proven record (either on the AUR or on something else) to post. That shouldn't be too hard.
I feel like this could be a use for LLMs that isn’t slop. It’s not going to catch everything of course but I imagine it would be a whole lot better than nothing