Malicious PKGBUILD in the AUR

Question

Malicious PKGBUILD in the AUR

Gabriel Gray

lists.archlinux.org/pipermail/aur-general/2018-July/034151.html
The state of this meme distro.

Attached: 1507121024375.gif (512x481, 402K)

July 8, 2018 - 12:01

Other urls found in this thread:

omgubuntu.co.uk/2018/05/ubuntu-snap-malware
twitter.com/NSFWRedditGif

Jeremiah Gutierrez

Truly the year of linux desktops. You know OS is popular when malicious shit is infiltrating it. Can't wait to get my Premium Antivirus(tm) software installed.

July 8, 2018 - 12:03

Liam Roberts

>open source is good because everyone can contribute
>open source is good because you can see the code and there's no way for viruses to get through

Attached: 1518623523001.jpg (397x363, 32K)

July 8, 2018 - 12:05

Luke Rogers

It's a user repository that anyone can put stuff on. Of course this shit could fucking happen.
That's why they always say that using the AUR is at your own risk.

July 8, 2018 - 12:05

Elijah Edwards

>Malicious PKGBUILD in the AUR
Um...
lol dude, you do know that aur is full of scriptkiddie broken shit right? This has pretty much been literally the ONLY argument against using Arch.

July 8, 2018 - 12:06

Parker Allen

ubuntu doesn't have this problem

July 8, 2018 - 12:07

Zachary Jackson

This was caught, so yes, free software does prevent malicious software from getting through.

July 8, 2018 - 12:09

Grayson Cruz

>lol dude, you do know that aur is full of scriptkiddie broken shit right?
So why have the AUR in the first place? Why not just add the packages to the main repos with some oversight instead of getting Pajeet's son to write the script and upload it to the AUR.

>This has pretty much been literally the ONLY argument against using Arch.
Apart from the fact that the whole point of Arch is being an "hey if it breaks its your fault to fix. we just package the software, works on our machines :^)"

July 8, 2018 - 12:10

Nathaniel Gray

>antivirus

July 8, 2018 - 12:12

Elijah Evans

Your asinine replies bring literally nothing to the discussion, fuck off dipshit.

July 8, 2018 - 12:15

Elijah Martinez

Arch is for Gentooers who couldn't gentoo.

July 8, 2018 - 12:16

Ayden Howard

I asked the question of why we have the AUR in the first place if shit like this is allowed to happen. Is that not a point worthy of discussion?

Attached: cb8.jpg (552x446, 32K)

July 8, 2018 - 12:18

Aaron Diaz

This applies to literally every post you ever make on board. I've never seen you contribute literally anything worthwhile. But then I assume that's your gimmick for getting attention, like most tripfaggots.

July 8, 2018 - 12:23

Benjamin Bailey

lol dropped
switching to NixOS (the best linux distro)

July 8, 2018 - 12:24

David Long

>tfw only use a handful of simple. programs from the AUR on my system
>tfw nothing can slip through, because of my diligence.
>tfw I get most of my packages from repositories hosted by TUs instead of the AUR.

>tfw two of my systems are Librebooted and run Parabola.
>tfw Parabola picks and vets FOSS AUR packages and compiles them then puts them in the PCR repo.

OP is a brainlet faggot.

July 8, 2018 - 12:25

Levi Morgan

Say this happened on Debian sid for example, with someone gaining access to a maintainer's account and infecting say, bash. Thats a pretty popular package and quite a few people (and businesses) are going to download that package before it gets removed from the repos. Sure a lot of people would update it and remove bash, but what is the script were more dangerous, say for it to rm -rf / a system.
FOSS does not mean no intrusions end-of-story, human laziness is still a thing.

July 8, 2018 - 12:27

Andrew Johnson

The can be edited by anyone and is not part of the official repositories.
You can't even compare this to what you're describing.

July 8, 2018 - 12:34

Dominic King

>Archfags justify the existance of AUR because that gives them the illusion of having among one of the smallest repos of mainstream distros is okay
>Turns out the entire thing is a trojan horse itself with scripts that you have to verify it doesn't fuck over your computer or install a malicious package and in the end you might as well just install itself.

Attached: 1528821204870.jpg (1805x1905, 683K)

July 8, 2018 - 12:35

Alexander Hall

I'm not comparing my hypothetical situation to the one with the AUR, I'm implying that FOSS altogether does not equal true security.

July 8, 2018 - 12:38

Alexander Stewart

1 (One) malicious AUR in a year.
vs Tons of malicious executables for windows.
Linux is truly dead

July 8, 2018 - 12:39

John Rogers

>Linux is truly dead
OP is talking about arch linux exclusively. Not GNU/Linux as a whole.

July 8, 2018 - 12:40

Liam Cox

comfy spurdo

July 8, 2018 - 13:58

Isaiah Cruz

>AUR packages are user produced content. Any use of the provided files is at your own risk.

July 8, 2018 - 14:00

Colton Rodriguez

that's why helpers are discouraged
you should read what script you're running

July 8, 2018 - 14:03

Mason Mitchell

orly?
omgubuntu.co.uk/2018/05/ubuntu-snap-malware

July 8, 2018 - 14:04

Nicholas Perry

no cuz the answer is pretty obvious

July 8, 2018 - 14:06

Andrew Cook

>smallest repos
>surprised he has to verify scripts
lmao@u

July 8, 2018 - 14:09

Parker Taylor

>and in the end you might as well just install itself.

Attached: 1528247444290s.jpg (118x125, 2K)

July 8, 2018 - 14:13

1 2 3 Next

Malicious PKGBUILD in the AUR

Last threads