this post was submitted on 12 Jun 2026

Linux

[–] Solemarc@lemmy.world 12 points 19 hours ago (2 children)

Hilarious that it's JavaScript again, truly npm, pypi and cargo are obvious targets. Also, guys, minimise your usage of the AUR! I don't use any AUR packages.

Core > Extra > flathub >>>>>>>>>>>>> AUR

Not that core/extra/flathub can't be pwned but it's harder than the AUR.

[–] unglueclass23@programming.dev 2 points 15 hours ago (1 children)

I'm interested why flathub > AUR? I try to minimize AUR usage but always assumed it's better than flathub?

[–] KianaTabion@lemmy.today 5 points 12 hours ago

Not the one you asked, but it's a case of priorities:

  • If you want it to just work, then the AUR is probably the better pick. Don't get me wrong, though; most flatpaks should (mostly) work like how you'd expect them to behave natively.
  • But, (Op)Sec-wise, the verified flatpaks win. No contest. Simply because there's no third party involved in the process. (And I haven't even gone over flatpaks' superior sandboxing.)

[–] MonkderVierte@lemmy.zip 1 points 18 hours ago (1 children)

But mpv-git has some advantages... and edir, bat, rdo still not in the main repos.

[–] anyhow2503@lemmy.world 4 points 17 hours ago

Minimizing AUR usage doesn't necessarily mean not using it at all, but I would weigh those advantages carefully against the risk it brings. I would also recommend the people who don't know what they are doing to not use it at all.