I personally am surprised the AUR has lasted this long. I personally believe that negatives outweigh the positives with having ANYONE be able to submit packages to the AUR. I say better moderation / verification or everyone focuses on official packages instead.
Hēgweard Tsulalgi
I agree, shut down aur, HARDEN TF OUTTA IT. Build in kill switches in aur helper packages as well.
Cause people are blaming Linux, which is just a kernel btw and moving back to Winslop which already does what the malicious packages on aur is doing rn but with a fancy corpo tag on it.
Catrina
“At this stage it's a bit surprising they don't completely shutdown AUR until they can better verify the security and safety of this user-supplied repository or at least implement new safeguards on changes.”
Shut it down permanently!!
www.phoronix.com/news/Arch-Li...
Just a day after Arch Linux developers believed they got their malware AUR incident under control with 1,500+ packages affected by malware, another round of of AUR malware is now being discovered
