this post was submitted on 12 Jun 2026
223 points (99.6% liked)

Linux

13955 readers
620 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 3 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
223
Arch Linux AUR Malware Campaign Hits Multiple User-Contributed Packages (linuxiac.com)
submitted 1 day ago by cm0002@lemy.lol to c/linux@programming.dev
65 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] victorz@lemmy.world 8 points 23 hours ago

Paru shows you the diffs by default.

I just run paru when I do system upgrades. Very convenient to have one command doing everything in a somewhat safe way.

Of course, inspecting the PKGBUILDs still doesn't protect us from having the actual software repositories compromised. Just because only the source hash changed doesn't mean the software doesn't have malware now.

That's where I draw the line regarding trust. I don't feel like going into to each release of each AUR package I have installed to check code to see if malware was injected. ๐Ÿ˜