There’s been malware in the past, not only that - AUR is user submitted. It’s in the name. They warn you to double check what you’re installing. It is functionally similar to running a random installer you found on GitHub.
It seems like these instances are being intentionally blown out of proportion, but I don’t see what there is to gain by doing that.
I don’t want to say stupid things, but I have so many theories. I check the shit out of a package before installing it. I even go to the GitHub page and make sure of things.
It’s an obvious vector for malware, arch by default doesn’t come with it, and users have been warned the entire time to check pkgbuild. There’s nothing fishy, it’s just that arch has enough users to be worth it to hit it.
I smell something fishy going on. I’ve been using the AUR for a long time and I’m now just hearing of malware?
There’s been malware in the past, not only that - AUR is user submitted. It’s in the name. They warn you to double check what you’re installing. It is functionally similar to running a random installer you found on GitHub.
It seems like these instances are being intentionally blown out of proportion, but I don’t see what there is to gain by doing that.
So basically how Windows users have been acquiring their software for the last 30 years.
I don’t want to say stupid things, but I have so many theories. I check the shit out of a package before installing it. I even go to the GitHub page and make sure of things.
The AUR is made up of user packages
It isn’t crazy that malware made it in. It is very much a “user at your own risk.” Packages are reviewed but sometimes things slip in.
It’s an obvious vector for malware, arch by default doesn’t come with it, and users have been warned the entire time to check pkgbuild. There’s nothing fishy, it’s just that arch has enough users to be worth it to hit it.
I expect that with SteamOS being based on Arch there will be a bigger target on Arch for malware just from increased attention on the platform