Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users compromised a lot of packages.
The AUR (Arch User Repository) consists of user-submitted content. It’s equivalent to installing game.exe from somewebsite.com, so not surprising that it would be used as malware vector.
Some are suggesting Arch is being targeted due to rising popularity of the Arch-based CachyOS.
Have to use paru instead of pacman to grab from aur on cachyos too and it isn’t recommended, I think I only ever had blender from there since it worked better with my amd gpu than the official tar, cachyos repo, and the flatpak.
This is the fourth? post I’ve read about it.
The AUR (Arch User Repository) consists of user-submitted content. It’s equivalent to installing game.exe from somewebsite.com, so not surprising that it would be used as malware vector.
Some are suggesting Arch is being targeted due to rising popularity of the Arch-based CachyOS.
Have to use paru instead of pacman to grab from aur on cachyos too and it isn’t recommended, I think I only ever had blender from there since it worked better with my amd gpu than the official tar, cachyos repo, and the flatpak.