AUR compromised
feels good not being an Archcel
:(
>AURlol
Debian chads can't stop winning.
>>109040725Will this affect Steam OS?
>>109041034Steam OS is Arch so yes
>>109040725>AUR compromisedDamn. Must be a day that ends in y.
>>109040725>just trust everything to your package manager bro>you don't need installers bro>just let unpaid jannies and corporate shills handle everything bro>just let your software do everything autonomously bro>it's so convenient to sudo pacman -Syu browinbros we won!
>>109041034No. Using AUR sucks on arch, you have to manually update the packages you install from there. On SteamOS it's basically impossible without breaking updates or using pacman in user mode which nobody does.>>109041189pacman -Syu is not capable of touching AUR packages. They are installed and updated with pacman -U
>>109041034That is you use pacman/yay/paru to get something you need from AUR, pretty sure when steam os comes officially for desktop is probably going to use flathub to install app that you need.
I'm just now noticing that the arch logo is a meaty bald mans silhouette coming through a doorway to rape someone
Daily reminderAUR>AUtistic>RetardAUR = Autistic Retard
Welp I'm glad my distro ain't as popular as Arch to get so constantly targeted like this
>>109041054Why are you lying on the internet? Steam OS doesn't use the AUR at all.
>>109041689>ain'tShartix user?
>>109041189The AUR is not Arch's package manager, the disclaimer on pic related has always been there too.
>>109040725script here to check for potentially pozzed packages on your system https://cscs.pastes.sh/aurvulntest20260611.sh
>>109041189aur is not official packages its just like windows where all the software is from randos
this is what happens when you invite gamers and normalfags into your ecosystems and user spaces. people have been confused for decades as to how "linux doesnt have viruses", and it's one of those things where if you have to ask, you're probably not a linux user, and the answer is probably that it was always thanks to you and your type NOT being there. linux user communities are high-trust spheres, where everyone "wants" to be there and may have deep disagreements about various things, but share an essential nerdiness. if you just bring every winfag gamer and facebook-machine type computer user into linux en masse, linux will start being plagued by the same problems. duh. gatekeeping ftw
>>109041755lol
>>109041755kek
>>109041755thank you saaar i have redeemed the bashful
>>109040725This really isn't that hard to address. A user who suddenly is managing dozens or hundreds of packages of disparate tools or applications should be immediately flagged. At best they're using AI to produce shit code.
>>109041034>Will this affect Steam OS?no it's only the 3rd party AUR (arch USER repository)>>109041054>Steam OS is Arch so yesSteamOS doesn't even use the AUR. It's a very minimal base with Steam included, you download everything else via Flatpak (Discover Store)
>>109041754Normie arch distros like Cachy don't need to see that page, they a convinient helper so you just mass select 2000 packages and press enter
>>109042751Normies shouldn't be using arch.
>>109040725This is what you get for using a tranny OS.
>>109042777CachyOS is designed to be a normie gaming distro with it's AUR helpers and download managers and othef shit that don't require the user to read ANYTHING and if something breaks "just hop in the Discordâ„¢ :)" to get help
correct me if wrong but this is a big deal only if you updooted in the last 3 days
>>109042848That's great, but it's stupid.
>>109042861not necessarily. we dont know the extent to which aur is infected yet, and it raises trust chain issues that are pretty big. like who knows how deep it goes>>109042807eh what else am i meant to use. i thought debian was the trans os because theyre all about pride
>>109042861>correct me if wrong but this is a big deal only if you updooted in the last 3 daysThat's probably the case, but if you never audited a PKGBUILD and you rely on less popular AUR packages you might be at risk.
>>109043172i honestly thing auditing aur packages is too much to ask of most users because theres sophisticated attacks that can easily go unnoticed, and obviously everyone is just using yay
>>109040725>uses "bleeding edge" distro>acts surprised when he gets cut and bleedslol
>>109040725all of this were orphanaged / dead packages300 people got pwned of the millions of arch users
>>109041189Except you're wrong. Pacman, the package manager, is just fine. Anyone blindly using AUR without actually auditing the PKGBUILD deserves what they get. This is basically the equivalent of downloading random exe files from people on 4chan and running them without a virus scan. I have 2,000 packages installed on my main Arch laptop and 0% of them are infected because I don't use AUR. If it's not in the pacman repos, I build the package from source like any other distro. A user-run software repository has never been a good idea.
>>109043963how do you manage updates for a bunch of source packages? just curious because for me i dont like spending a lot of time updating my system. on android i just use obtanium for example, so i wonder if theres a source manager thats not aur for arch or linux in general
>>109040725The usual in the FOSShit community
>>109043732This. The majority are literally who packages. The only less literally who package was the alvr that allows you use vr headset or some shit. The problem is that with AI, the number of malware vibecoderfags has increased exponentially, so AUR needs to figure out some sort of a defence line, like a team of dedicated jannies who will take their time to approve package updates to non verified packages.Also, the fact that everyone was able to "maintain" orphaned packages, was eventually going to backfire at AUR team
>>109040817oh look time traveler from 2022
kek archoids learn their place
>>109040725The AUR is as safe as downloading random .exe packages from the internet. Only retards fell for it.
Currently around 1600 infected packages.>>109043732That's a wrong way to approach it, orphaned just means the guy who used to work on it doesn't feel like working on it anymore, some of those orphaned packages are still popular / or used to be popular but helpers are still fetching updates.
>>109044065Erm actually Trixie stable was frozen in time in 2025, it's not that old, yet.
>>109042807Windows has over 2 million trans developers and over 3 million pro-LGBT devs. You are a cuck. WINDOWS IS ONLY FOR TRANS. Install Artix Linux and STFU cuck.>Linux; hetero white Finnish man CEO>Microsoft; gay Indian CEO>Apple; gay Indian CEOLet's see developers and community>Linux; hetero white male community + 12 trans devs in some unofficial website>Microsoft; gay brown feminist community + 2.3 million trans devs + 350 million LGBT DEI devs in official website>Apple; gay black woman community + 1.2 million trans devs + 230 million LGBT DEI devs in official websiteAlso Windows (yes, even your 7) and macOS have worse cucklicense and worse code of conduct. Both also non-free proprietary spyware.https://unlocked.microsoft.com/pride/https://www.apple.com/newsroom/2025/05/apple-introduces-the-2025-pride-collection/https://tv.apple.com/us/room/celebrating-pride-lgbtq-life-belongs-on-screen/edt.item.6262ef1e-d329-4fac-95fb-db2078e35e59https://community.brave.com/t/brave-image-search-is-woke-bias/534929/3https://community.brave.com/t/two-book-pirating-sites-come-up-first-in-search-for-a-book/406913https://community.brave.com/t/acceptable-ads-alternate-lifestyle-support/64225https://community.brave.com/t/search-results-lean-left-by-default/522705/6https://community.brave.com/t/disturbing-image-on-ios-home-screen/589158/4Brave is proprietary https://pride.google/ Chromium spyware without reproducible binaries. Provided "source" is not related to the project itself and you can't compile Brave from that. If your Brave has brand including "Brave" text and logo, then your Brave is proprietary and spyware.
