Who is using Arch? Beware!
https://nakedsecurity.sophos.com/20...

Omfg.. Half the devRant community are actually zombie downloader robot overlord malware bots.

Glad i dodged that one and never got to try Arch so I stayed with Ubuntu/Mint/Fedora/Raspbian 😌

"B-but I compiled it from source! T-that must mean it's s-secure!"

Calls @ArchLinux
* grabs popcorn with real butter and salt *

The good ol' rule of "always double checking AUR packages source code" exists for a reason. Don't blame the distro, blame the users. Sure, it's a tedious and complex process, but security and convinience often don't pair well togheter, unfortunately.

@Giocol so much this. The one thing I hate about 90% of Arch evangelists is the way they keep shouting "muh packages are all built from source, muh security, muh superior distro", but they don't actually put in the work required to check every single package they update and just get a hard-on everytime they run "pacman -Syu" because muh 1337 h4xx0r ski11z

@endor exactly! Sure, AUR has some awesome stuff in it, but people need to learn to be careful. And hey, maybe stuff like this, even if it's obviously not ideal, can at least speed up the learning process

Please do fully read the article before making implying comments

Didn't something like this happen with NPM just the other day?

Beware! Github has malware on it! Uninstall Git and delete system32!!11

this is as fucking idiotic as when the github ***mirror*** of gentoo (note: not default, not recommended, no rsync support) had malware for 8 hrs and people went batshit over it

A massive user package repository has viruses in it. Surprise surprise mother fucker!
I wonder if a massive user managed computer network has viruses in it.

OH... That's the internet. Dang it.

@nik123 AUR with validation IS the community repo.
I believe that things are good as they are.
AUR with validation will be very hostile to new potential packagers.
Arch Linux, already known for being hard to get started with, certainly doesn't need more barriers.