>ARCH LINUX CONTAINS MALWARE

default on manjaro

Attached: 2018-07-16-000906_546x466_scrot.png (546x466, 24K)

>if you install this OS and then do something stupid you're explicitly advised against doing, bad things can happen
>this is the fault of the OS

So Arch is compromised, Gentoo is compromised...
What is /ourdistro/ now Jow Forums?

Link to where you got that from?

>Github mirror
>compromised
What did he mean by this?

Neither are compromised though.

But the answer is GuixSD.

If you want to create malware for Arch, you can do this in 2 mins, just create a new package on the AUR. This is how the AUR works, stop baiting, retard.

I just looked in pamac and turns out I've had it disabled.
Just in time with this post as I was about to go back to ubuntu.

>no hardware support
yeah no

it uses the same kernel as all the other distros you dumb fuck

>mfw autistically read every ebuild from out of tree overlays before copying it into my own and never touching the original overlay again
if something is going to screw me over it is some chucklefuck adding an extra space in an rm -rf or a malicious commit to a popular project like ffmpeg

Attached: 1531004387380.jpg (2000x2500, 1.14M)

Is your space bar broken?

>OMG A LINUX DISTRO MAY CONTAIN MALWARE IN ONE PACKAGE IN THE U S E R R E P O S I T O R Y THAT IS OPTIONAL TO USE
*crickets cherping*

Attached: hehehehehehhe.png (705x545, 480K)

TempleOS doesn't have this problem

I bet this faggot came to Jow Forums because 'le based glow in dark nigger man xD'

>>Install Arch Linux! The AUR has everything you need!
Said literally no one, ever. I've never once needed to look in the AUR for anything.

Having AUR enabled in pamac doesn't put you in danger. Installing compromised packages does.

>malware

I thought this was yet another systemd thread.

OpenSUSE

If you can't read code, the popular AUR packages are generally safe. It's the zero votes packages that you have to watch out for, and usually they are just a simple script or whatever. AUR is a great community tool and is what makes arch arch. If you get bot-netted you deserve it

Does anyobdy else besides programmers use Arch Linux unironically? No wonder why retards get malware.

ReactOS

install macOS, the one true linux distro

>Adobe Reader
What 30 year old boomerware is that?

It's not like the AUR doesn't advertise checking the PKGBUILD or install scripts before building a package. Everything is there to see.

Linux users of all distributions have received a major warning not to explicitly trust
>not to explicitly trust
Literally the English you'd expect from an Arch babby.

Why do you keep making this retarded thread

>Fortunately a code analysis was able to discover the modifications in due time - only several days after the dangerous code was placed in the app installation instructions
Man, if you're gonna try to spread FUD bullshit, at least get your facts right.. It was found within about 8 hours, not "several days". And the installed script was literally nonfunctional because the author was a retard. Literally harmless, and a fantastic warning not to blindly trust shit off the internet because next time it will be actually bad.

And on that note, where's your nonsense about random PPAs for Debian-based distros, Fedora's user repos, downloading random exes off the internet for Windows, etc etc? I think you might just be a retard, OP.

>download random obscure code from public repository(AUR, GitHub, sourceforge, whatever)
>run it without checking what's doing
>it's a virus
>how could it happen?

Attached: 802.jpg (500x680, 40K)

Attached: photo.jpg (460x460, 49K)

Honestly, I trust more in packages in AUR that have some ability to be curated via votes than in random ppa repositories like you need to in ubuntu or Debian that a guide told you to install

Apple Macbook doesn't have this problem

Weird windows doesn't have this problem?

have you been living under a rock for the past 30 years?

No i just have windows 10 Enterprise with ATP

No, it uses Linux-Libre.

>install .exe from sketchy website, get virus
>complain on Jow Forums about Windows containing malware
>complain about the usefulness of Windows package management if random sketchy .exes could be viruses

This is how you faggots sound.

Pro tip for the genuinely curious: It takes 30 seconds to look at a PKGBUILD and see what URL it points to. If you don't trust the host, don't install the program. If reading a small text file to get an idea of what it says sounds like too much work for you, buy a Mac.

If this is just now notable news then I'd say that means the AUR is in a good state

Linux is a kernel.

>>AAHAHHAHAHAHAHAHAAHAHAHAHAHAHAAHAHHAHAHAHAHAAHAHAAHHAHA-
>*breathes*
>AAHAHHAHAHAHAHAHAAHAHAHAHAHAHAAHAHHAHAHAHAHAAHAHAAHHAHA

AAHAHHAHAHAHAHAHAAHAHAHAHAHAHAAHAHHAHAHAHAHAAHAHAAHHAHA-
*breathes*
AAHAHHAHAHAHAHAHAAHAHAHAHAHAHAAHAHHAHAHAHAHAAHAHAAHHAHA

>AUR has everything you need!

>>it's basically not different from using a random ass ppa
it sure as hell IS different than a random ppa which is a binary which you have to jump tru hoops to even maybe be able to examine
pkgbuilds are just scripts which you can and should easily read

templeos

also doesn't have internet

>users of all distributions have received a major warning not to explicitly trust
>DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.
aur.archlinux.org/

jee i wonder what this could be

Attached: Screenshot_2018-07-16 AUR - niggers.png (525x441, 33K)

Literally wintoddlers have figured this out by now

>Ubuntu boi feels superior
Please, summer, get finished already

yeah and it's called SYSTEMD

This is literally all I have from the AUR repo
[archlinux@thinkpad sorting_algorithms]$ pacman -Qm
camlidl 1.06-3
gapi-ocaml 0.3.6-3
google-drive-ocamlfuse 0.6.25-1
microsoft-gsl 1.0.0-1
ocaml-base 0.11.0-2
ocaml-configurator 0.11.0-1
ocaml-cryptokit 1.13-2
ocaml-curl 0.8.1-2
ocaml-extlib 1.7.2-1
ocaml-ounit 2.0.6-1
ocaml-pcre 7.3.4-1
ocaml-result 1.3-1
ocaml-sexplib0 0.11.0-1
ocaml-sqlite3 4.1.3-1
ocaml-stdio 0.11.0-1
ocaml-topkg 0.9.1-1
ocaml-xmlm 1.3.0-1
ocaml-zarith 1.7-1
ocamlfuse 2.7.1-6
ocamlnet 4.1.6-1
openttd-jgrpp 0.25.2-1
pcmciautils 018-8
prelink 20130503-7
preload 0.6.4-6
rhythmbox-llyrics 1.2-1
sdlpop 1.18.1-1
ttf-dejavu-sans-mono-powerline-git r194.a08b1f6-1
yaourt 1.9-1
[\code]

Nah, that's not the interesting part. I've had the following experience:
>Arch repos are shit and have no software (rstudio, Firefox ESR and so on)
>AUR has everything! We don't need it in the repos.
>Dont use AUR, it's unofficial!

Attached: 18833734.jpg (495x388, 62K)

-Qqm

>Firefox ESR
>aur
and you're wrong
my observation is that there is almost nothing in the aur that is used by majority of users besides shit like discord and skype which should stay there

>arch repos don’t have firefox

Attached: 8AD9C4A1-D98E-4849-B581-03E2E8218AFB.jpg (217x276, 19K)

[*yawn*] read the pkgbuilds.

not esr but you shouldn't be using the aur for it anyway

>and you're wrong
You sure?
>Should stay there
You can reread my previous post again, user.
And you should try reading the post before you get triggered.

Attached: Screenshot_20180716-185813.png (1920x1080, 204K)

sorry no images but you could paste that if it's text
and ye im sure it's dumb to grab ff esr from the aur
if you need something else that's there, i don't see an issue unless the script is broken and you can't fix it yourself
but my observation is correct, the majority of users use almost nothing from the aur

This just makes me glad I moved away from Arch in favor of Opensuse. What are the odds the open build service would have packages with spooky surprises baked in?

>sorry no images but you could paste that if it's text
It's a screenshot that shows there is no Firefox ESR in the repos.
>the majority of users use almost nothing from the aur
If that's the reasoning, they can remove everything that is not Base-System/DE/Office/Chrome from the main repos, as that's what majority is using.

>no Firefox ESR in the repos.
didn't say there was
plenty of things in the repos ppl use
there are some things in the aur which would be better to be in the repos but those are few
my observation stands

>didn't say there was
You literally said it here: >My observation
1. Is unfounded
2. Doesn't bring anything new to the table
You are basically saying "Doesn't matter", so only reiterates my Greentext in the original post.

linuxquestions.org/questions/showthread.php?p=5845618#post5845618

>You literally said it here: (You)#
doesnt say there is esr in rep
implies it's dumb to use aur for ff oh my observation is very founded in the years of usage and chatter with people
if the table is your post then it accomplishes it's goal to shit all over it
the ppl who do use aur a lot are those who use manjaro

You might want to rewrite your post, I think your autocorrect is faulty and I don't quite understand most of it.
>Using aur is stupid
If you propose to compile from source manually, then what's the point of AUR at all? In the end this leaves us with a very shitty vanilla repos.

what's stopping you from getting a stock kernel from kernel.org you dip?

Debian GNU/Linux

why do you need anything more? Afraid to do things yourself?

>>Using aur is stupid
come on mang i didn't write that
>you propose to compile from source manually
where?

>not reading pkgbuilds

Curl | bash is the most obvious malicious code, it wasn't even obfuscated in the slightest. Only idiots would've gotten hit with this

the point of the aur is to host/share things missing from the repo or things no repo maintainer wants to maintain
the danger is ppl like op don't read what they're about to run and then make a big deal about it
the inconvenience is that a pkg script may require something tricky because one of it's dependencies is obsolete [the dependency] (because the pkg is aimed at deb/untu) or something

This. But anyways, only a retard would install Adobe Reader in the first place.

>Malware Found on the Ubuntu Snap Store - OMG! Ubuntu!
omgubuntu.co.uk/2018/05/ubuntu-snap-malware
>2018/05

This. OP is a faggot.

>Current state of wangblows users

It's literally the default behavior for installing windows software without a way to easily update third party software.

1 click installers.

If someone puts malware in an Opensuse repo there isn't anyway of knowing. In arch you can just look at the build file and make sure it downloading code from the proper place. This is blown out of proportion. If you want to use Opensuse use Gecko instead so you'll have media codes out of the box.

>The changes included a curl script that downloads and runs a script from a remote site.
How """advanced""" The snapd miner was better and even then, it shows how hopeless the attackers against the OS itself.

Attached: pepeslashlinux.png (883x1024, 105K)

>This installs a persistent software that reconfigures systemd in order to start periodically.
Why is no one talking about this

openSUSE tumbleweed