Uh oh!
OpenBSD doesn't have this problem
>>109038138Linux is such a mess it's almost want you to switch to BSD. Kernel is in fire. Troons are destroying everything. Rust cult is ruining shit. AI slop is getting admitted into Kernel too... wtf are they even doing ?
>>109038138
>AUR
Self-inflicted problem.
Also, buy an ad.
>>109038151Linux became large enough that corporate interests completely took over. Linus was brought into line via threats about the consequences of his behaviour and with the help of his daughter, who's an ultra-woke useful idiot. Red Hat, Microsoft, Google et al now control the project and they are not companies with your best interests at heart.
>>109038211So he turned retard, great fucking amazing...
>>109038229
AUR is literally the only reason to use Arch
>>109038138
interesting... Windows does not have this problem.
>>109038151
the fuck are you blabbering about
Good. People have been abusing FOSS for too long. This is the future everyone invited by not paying up or hiring people to give a shit. I hope more retards get hacked by bad supply-chains. >>109038142It also has no users, tardo.
>>109038242 go and read what is happening with hardware and software these days you are deep in the ocean with some nigger underneath you.
>>109038211And FreeBSD gave commit bit rights to corps to shit up their kernel with little oversight. Remember the wireguard port was so bad and scandalous, the original Linux kernel author had to clean it up for free. Any *BSD retard talking shit about Linux is ahistorical and just a contrarian incel.
I vividly remember Archfags being overly smug a couple weeks ago when other Linux distros got hit.This is exactly why infighting is fucking retarded.
>>109038211None of that has anything to do with the AUR, retard.
>>109038262>u-ur trans!!Triggered.
>>109038266this has nothing to do with the security of AUR packages, take your fucking meds
>>109038303faggitor... why do you even go to g ?
>>109038138
Debianchads rise up!
>>109038309
he's right though. It has nothing to do with AUR, in fact, this same problem would happen to [insert your favorite system] if it had real users who gave a fuck.
>>109038256Good, the less users the better. Arch was asking for this to happen with all the retarded normies that flooded in thanks to tard tier distros like CachyOS.
the loudest people in this board are arch users, you don't see other posters here because they're actually busy doing work instead of ricing their retarded os with unverified packages made by literal whos
>>109038323
tards aren't the target. people want login credentials to shit like AWS, Claude Code, ssh keys, etc.
>>109038332this...troons have nothing to do only talk about gender and fixing arch.
>>109038138
Thanks for the heads up OP
It's like 900 packages now
https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/
someone is using an AI agent to take over all the orphaned AUR packages and pwn them
>>109038229
If the Arch community won't mandate restrictions for AUR maintainers, then getting mass supply chain attacked because you are an AUR enjoyer is deserved and at your own risk.
https://www.youtube.com/watch?v=jON09taqeZo
Linus should use ai tools to make a gui for linux and have 1 verified recommended OS distribution
>>109038229
nope
>>109038340
B-but my other /g/sisters told me it wasn't about AUR !!!
>>109038347>Lately, I been, I been losin' sleep>Dreamin' about the things that we could see>But, AI, I been, I been prayin' hard>Said, no more countin' fags, we'll be countin' genders>Yeah, we'll be countin' genders.This is Linus Torvalds these days so you gonna have lot of fun.
>>109038332>busy doing workBe good slave and go work then, I will play games and have fun modifying my dwm in the meantime. Go work until you die, fucking slave.
>>109038351
I don't use yay or anything like that, just pacman.
When I do get a package from the AUR, I git clone it, review the PKGBUILD, and only then do I makepkg it.
That's the only way to use AUR unfortunately without risking your system.
AUR should have public key signatures on the git commits, then a tool like yay could let you whitelist keys you trust and refuse to build anything else.
Like how Java does with the Maven central repo.
No valid signature from a key I trust?
No install.
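The clone, verify, build workflow and the key-allowlist idea from the post above, sketched as an added example (not part of the thread, and not an existing yay or AUR feature). It assumes the maintainer signs their commits; the allowlist path `~/.config/aur-trusted-keys` and both function names are hypothetical.

```shell
#!/bin/sh
# Added example: build an AUR clone only if HEAD carries a valid signature
# from a key you have explicitly allowlisted.
# Assumption: the maintainer signs commits (the AUR does not require this).

# Hypothetical allowlist: one 40-hex primary-key fingerprint per line.
ALLOWLIST="${ALLOWLIST:-$HOME/.config/aur-trusted-keys}"

# Reads GnuPG status lines on stdin. Succeeds only if a VALIDSIG line names
# a key listed in the allowlist file ($1) and no bad, expired or revoked
# status is present. Body runs in a subshell so variables stay local.
sig_is_trusted() (
    allow="$1"
    status="$(cat)"
    # Any of these means the signature or its key must not be relied on.
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        exit 1
    fi
    # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
    fpr="$(printf '%s\n' "$status" |
        awk '$1=="[GNUPG:]" && $2=="VALIDSIG" { print (NF>=12 ? $12 : $3); exit }')"
    [ -n "$fpr" ] || exit 1      # unsigned commit: no VALIDSIG line at all
    [ -r "$allow" ] || exit 1    # no allowlist means nothing is trusted
    # Exact whole-line match, so comment lines and partial hex never match.
    grep -Fxiq -- "$fpr" "$allow"
)

# Usage: verify_and_build <path-to-cloned-AUR-repo>
verify_and_build() (
    repo="$1"
    # --raw makes git print the gpg status output on stderr.
    if ! status="$(git -C "$repo" verify-commit --raw HEAD 2>&1)" ||
        ! printf '%s\n' "$status" | sig_is_trusted "$ALLOWLIST"; then
        echo "refusing to build: HEAD is not signed by an allowlisted key" >&2
        exit 1
    fi
    # A trusted signature says who committed, not that the change is safe:
    # show what changed so the PKGBUILD can still be read before building.
    git -C "$repo" --no-pager log -1 --stat
    cd "$repo" && makepkg --syncdeps --clean
)
```

Source the file and call `verify_and_build ./some-package` after cloning; an orphaned package adopted by a new account fails the check because the new maintainer's key is not in your list.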
>>109038211
Unrelated to AUR. But no matter what the big corpos do, we can always fork the server if it ever becomes bad.
You are not able to fork Windows.
>>109038386
also, if anyone is listening on the arch team, for fucks sake, can you do rsyncable packages please? like, zst supports it and you could rsync against the currently installed version's archive if it exists. It makes no sense for me to be downloading a half gigabyte of KDE wallpapers because there's one new image in there.
>>109038280
I don't remember that, but also, I think you are right that there's no need for us to fight.
I think people fighting over choice of distro is stupid. Even non-Linux ones.
>>109038138
>looks inside AUR pkgbuilds
>it's fucking npm repos getting pwned once more
lmao
>>109038340sex on the AUR is non-malicious, apparently
>>109038386
openSUSE has that and it even lets you make packages for other distros, you subscribe to a packager and enroll their keys for that package only unlike PPAs.
>>109038529
it's always npm... i think webshit was a mistake
fake news
why do itoddlers like to keep making shit up?
>>109038544
I don't have sex so it's not a problem for me either way.
>>109038142cuck license
>>109038284Read the post being replied to, Sanjay. Ask your English tutor to help you if you're struggling with any of the words.
You spooked me a bit before I realized it was AUR
And people said I was silly for not installing AUR packages...
>>109038138
never had this problem on OpenBSD, I'm running my website on httpd, DNS servers on NSD, SMTP on opensmtpd, I wrote my own REST APIs to manage my OpenBSD server fleet, 50 mb memory usage with httpd and nsd running
>>109038138
Windows user here. If you did end up installing one of these packages, how would you go about removing the malware? Will uninstalling the package remove it or does the malware spread to other files? Does linux even have an antivirus that can do a clean up like it can on Windows?
>>109039182
no, you'd have to completely reinstall and, to be safe, get rid of every file you had and restore from backups. because linux has no antivirus, you have no idea what happened or whether malicious code has been embedded in any of your files (perhaps to exploit a vulnerability with an open source image viewer or something along those lines)
it's linux's biggest weakness
when all goes well and the repos are maintained well, you have zero chance of getting malware unless you go installing random packages you manually downloaded off a website
however, if you don't read every single pkgbuild diff (99.9% of people don't) then this can happen and you're just fucked
>>109038584
>>109039214
>because linux has no antivirus, you have no idea what happened or whether malicious code has been embedded in any of your files
same thing on windows even if you have an antivirus, but it didn't detect it
>>109038138
Something like this happened to me on CachyOS.
>>109039182
>how would you go about removing the malware?
easiest way is to just revert back to previous snapshot, this is pretty painless (granted you set it up beforehand), if you're paranoid you can preserve home folder (with all the files and settings intact) and reinstall the fresh base system, or you can just remove the package, and check (and remove) the services and processes that might come with it because everything is actually transparent and you actually have full control of your system
>Will uninstalling the package remove it or does the malware spread to other files?
depends on the malware, although if you're bleeding edge taking over file ownership and escalating privilege is pretty hard for the malware to accomplish (even taking into account all those CVEs, which have pretty much all been patched on the latest kernel)
>Does linux even have an antivirus that can do a clean up like it can on Windows?
yes it does https://wiki.archlinux.org/title/List_of_applications/Security
>>109039214
tf you're on?
>using something that lets anyone just put shit in therehow dumb do you have to be lmao
>>109038138
It’s funny maintainers act like AI commits are ruining their projects when they’re all perfectly happy to integrate any random code without even reading it first. Pathetic for any so called developer.
The amount of people that use the AUR without any second thought is truly mind boggling, probably the most unsafe package repo around.
>>109038232
>Windows does not have this problem.
Yeah, they don't want to pay security researchers what they're owed and have security holes published in the open prior to being fixed.
I still remember a youtuber reporting a security hole fixed in windows and he found it happened in another scenario in the same way, reported it to microsoft and they basically told him, WON'T FIX, NOT A BUG, GO FUCK YOURSELF and closed the bug report and didn't fix the issue.
>>109039722uh-oh,freetard had a melty
>>109038138
I only used the AUR to install 2 programs years ago and then never touched it again because they run perfectly fine fully offline
what do people even need to update the AUR packages frequently for?
>>109038584you WILL have sex (this is a threat)
>>109038138
>AUR
well that's okay then. if it's official packages then I would be pissed if I were an Arch user. be careful what community packages you install, regardless of distro
>>109038138
deserved, only retards use the AUR when you can just
>git clone <repo>
>cd <repo>
>mkdir build
>cd build
>cmake ../
>make -j
>cp ./<bin> ~/.local/bin
>>109038138
Why the fuck anyone would use AUR is beyond me
>>109039973
>"only retards update 100 things in one click when you can spend the entire weekend building them manually"
We already know you have no social life, thanks for spelling it out for us.
>>109040039
>100
more like 3, don't lie on the internet
>We already know you have no social life,
says the retard who needs AUR to install obscure software no one uses... a normal person has everything they need in the arch repo
>>109039973
Good thing it's impossible to push malicious code to shithub.
>>109040133
good thing most software is barely moving and a very quick glance at the code is 99% of the time enough to spot fishy stuff.
I do it in my spare time, I'm paid to do that at work, it's really not that hard and the world would be a better place if we did not have tiktok brained subhumans who carpe diem through life then complain about how nothing ever goes their way.
it's really not as time consuming as you think it is.
Mint won.Arch lost.
>>109038138
>AUR
lol
>>109038138
Well, we are becoming a low-trust society.
>>109038544
I like that the command to look for it on the AUR is "yay sex"
>>109040133
the idea is you don't do that very often so you have time to hear about the internet drama when the software gets compromised or the repo is already taken down
>>109040240AUR is just shorthand for Autistic Retard
>>109038142Try to compile random unofficial project that has npm as depency and some random .install script to install malware. You fucking brain damaged retards don't understand that YOU HAVE 100% THE SAME PROBLEM. Only difference is that your OS is 20 years behind Linux and you have cucklicense. stfu
>>109044552>and you have cucklicenseshameful
>>109038232Windows has +30 thousand new CVEs, zero days, rootkits and bugs EVERY MONTH. Fucking retard. Also if you install something from websites instead of official repository, you are even more in danger. Stfu fucking cuck.
>>109039973So tell me; how you don't get the malware when that project has npm as depency and/or some .install script? You have 100% the same problem and it doesn't matter if you git clone from github or from AUR that has that same git as a source YOU FUCKING RETARD.
>>109044560It is. Baby duck with Stockholm syndrome using OpenCuck that doesn't have drivers, no hardware support, slower, more malware, cucklicense, 20 years behind Linux, no games, no work software, no support for anything like bluetooth or fast speed networking etc. It is literally just dogshit with more dogshit and license that makes you a cuckslave.
>>109038332The loudest people on this board are people trolling Arch users.I use Artix btw.
>supply-chain attack! Everybody panic!!!>look inside>node.jsEvery goddamn time. Node.js and people who develop in it are the niggers of open source.
>>109038138
this is why I keep two separate computers, one thinkpad from 2015 for banking and a modern one for dev work and other stuff. You have to air gap your important life shit, there is zero reason to trust repos.
>>109038151
>AI slop is getting admitted into Kernel too
It passes the Linus filter, bro... AI is good now
>>109044585
>So tell me; how you don't get the malware when that project has npm as depency
I don't install anything python, js or rust, they can't be trusted
>>109038211Linus is a cucked faggot like everyone from his retarded generation, but he does his part well. He's a vaxxie that should tell you everything you need to know, what a dumbass. But it makes no difference to the kernel.