Linux

65722 readers

443 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago

MODERATORS

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware (www.phoronix.com)

submitted 2 hours ago by Virual@lemmy.dbzer0.com to c/linux@lemmy.ml

13 comments fedilink hide all child comments

all 14 comments

sorted by: hot top controversial new old

[–] thingsiplay@lemmy.ml 26 points 2 hours ago* (last edited 2 hours ago) (2 children)

As an user of the AUR, this is devastating news to me. I am also guilty of accepting updates without reading the latest changes, even if yay asks me if I want to. This is a reminder to everyone to only install from the AUR for absolutely necessary stuff only, and only if you trust the maintainer. And to at least have a look if something suspicious is going in with the recent changes in the package recipe. AND to read in the communities and news.

I don't understand why there still no official announcement as a warning from the Archlinux team at https://archlinux.org/news/ . Is there a different place for security news specifically about the AUR to subscribe to?

[–] trevor@lemmy.blahaj.zone 14 points 2 hours ago (2 children)

The fact that the Arch maintainers seem to prefer Reddit over their own fucking news channel is what made me switch from Arch years ago. I got sick of upstream breaking changes fucking my system because they wouldn't notify people through official channels, only to find it later of /r/archlinux 🙄🙄🙄

[–] Aatube@kbin.melroy.org 8 points 1 hour ago (1 children)

since the 2022 grub incident, Arch has done a great job at notifying the news channel when "manual intervention required" AFAIK, and I don't remember any instances of Arch maintainers only notifying Reddit (and I don't think they notified Reddit for the grub incident either lol).

[–] muhyb@programming.dev 1 points 46 minutes ago

It's been 4 years already? WTF?

[–] Aatube@kbin.melroy.org 2 points 1 hour ago (1 children)

the arch news channel is for breaking changes to arch pacakges (so not the AUR) only. maybe you could subscribe to aur-general@lists.archlinux.org.

[–] thingsiplay@lemmy.ml 2 points 1 hour ago (1 children)

I was hoping to subscribe with RSS. Not sure how to subscribe there.

[–] Aatube@kbin.melroy.org 3 points 1 hour ago

it's a mailing list, so heads up, if you subscribe you're also gonna get other discussion like the forums.

https://lists.archlinux.org/mailman3/lists/aur-general.lists.archlinux.org/

[–] deforestgump@hexbear.net 2 points 49 minutes ago

GOTDAMN

[–] starblursd@lemmy.zip 2 points 1 hour ago* (last edited 1 hour ago) (1 children)

There were announcements and security ping in the arch Linux community discord... But I wish they'd be more vocal on this outside discord especially given discords controversy as of late

[–] liinux@pawb.social 1 points 1 hour ago (1 children)

Thee's a official Arch Linux D*scord?

[–] starblursd@lemmy.zip 1 points 1 hour ago* (last edited 1 hour ago)

No it's unofficial but it's I believe the biggest/primary arch Linux community discord .

In their roles chanel you can pick one to get security pings.. major ones are typically also everyone pinged but some have those disabled

[–] Aatube@kbin.melroy.org 2 points 1 hour ago

(hopefully this doesn't read as blaming the victims instead of the attackers but) I personally don't think it's that complicated to read the updates to AUR packages. It's not any more hard than only commenting after reading the links that people post here instead of just the headlines—which we all do, right?

[–] M33@piefed.world 3 points 2 hours ago

Wow that’s bad 🫢