this post was submitted on 12 Jun 2026
133 points (100.0% liked)

Linux

65722 readers
525 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 7 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
nooter692@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz
133
Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware (www.phoronix.com)
submitted 9 hours ago by Virual@lemmy.dbzer0.com to c/linux@lemmy.ml
23 comments fedilink hide all child comments
all 24 comments
sorted by: hot top controversial new old
[–] IEatDaFeesh@lemmy.world 6 points 3 hours ago* (last edited 3 hours ago) (2 children)

Ahh clearly Arch users didn't RTFM before installing shit. Skill issue.

PS: The above is an invitation to self-care, not an insult.

[–] thingsiplay@lemmy.ml 2 points 1 hour ago

Reading the manual clearly won't help with the issue here. This is clearly not an appropriate use of RTFM terminology here, because it does not apply. The problem here is not that the user needs to read before asking for help. The problem here is to understand the changes made in the script are malicious. And reading the manual won't help with that.

[–] ohshit604@sh.itjust.works 5 points 2 hours ago (1 children)

I must say, Read The Fucking Manual is a bit more clear than Read The Friendly Manual.

[–] yetAnotherUser@lemmy.ca 2 points 2 hours ago* (last edited 2 hours ago) (1 children)

I disagree with the post you put here on a single thing: the manual is sometimes bad, by either not describing everything, or being unclear.

[–] wuphysics87@lemmy.ml 2 points 1 hour ago

Is that worse than not reading it at all? Often it is a lead to something more useful

[–] bizdelnick@lemmy.ml 15 points 4 hours ago (2 children)

More Than 400

1579

I don't use Arch BTW.

[–] taiyang@lemmy.world 4 points 4 hours ago

Useful list for those who do use Arch; I've only got like two things from AUR and neither is on that list (although I kinda recognize a couple with slightly different names, like what, knock off plugins for official stuff?)

[–] chgxvjh@hexbear.net 3 points 4 hours ago

I got yesterday an email how one of the packages from this list that I used to maintain was adopted.

[–] whatiswrongwithyou@lemmy.ml 1 points 2 hours ago

Dang, if only their packages were more up to date maybe this wouldn’t have happened.

[–] veniasilente@lemmy.dbzer0.com 2 points 3 hours ago

AUR

Play stupid games win stupid prizes I guess.

[–] thingsiplay@lemmy.ml 41 points 8 hours ago* (last edited 5 hours ago) (1 children)

As an user of the AUR, this is devastating news to me. I am also guilty of accepting updates without reading the latest changes, even if yay asks me if I want to. This is a reminder to everyone to only install from the AUR for absolutely necessary stuff only, and only if you trust the maintainer. And to at least have a look if something suspicious is going in with the recent changes in the package recipe. AND to read in the communities and news.

I don't understand why there still no official announcement as a warning from the Archlinux team at https://archlinux.org/news/ . Is there a different place for security news specifically about the AUR to subscribe to? EDIT: https://archlinux.org/news/active-aur-malicious-packages-incident/ They did it, an official message.

[–] trevor@lemmy.blahaj.zone 29 points 8 hours ago* (last edited 2 hours ago) (3 children)

The fact that the Arch maintainers seem to prefer Reddit over their own fucking news channel is what made me switch from Arch years ago. I got sick of upstream breaking changes fucking my system because they wouldn't notify people through official channels, only to find it later on /r/archlinux 🙄🙄🙄

[–] ramenu@lemmy.ml 1 points 7 minutes ago

They made an announcement though

[–] tanka@lemmy.ml 2 points 4 hours ago (1 children)

What are you using now?

After the end of Win10 I moved to arch but I think my week end will be filled with moving again. ^^

[–] trevor@lemmy.blahaj.zone 2 points 2 hours ago

On my desktop, CachyOS 💀

It was years ago when Arch pissed me off, but I couldn't resist Arch-based distros forever. So far, I haven't been burned.

On my laptop, Asahi Linux, which is basically Fedora ARM with a custom kernel. I'd recommend Fedora to most general users.

[–] SocialistVibes01@lemmy.ml 2 points 4 hours ago

(btw)

[–] chgxvjh@hexbear.net 1 points 4 hours ago

Least surprising thing ever. Nothing is reviewed or approved, not even proforma

[–] deforestgump@hexbear.net 3 points 7 hours ago

GOTDAMN

[–] starblursd@lemmy.zip 4 points 7 hours ago* (last edited 7 hours ago) (1 children)

There were announcements and security ping in the arch Linux community discord... But I wish they'd be more vocal on this outside discord especially given discords controversy as of late

[–] liinux@pawb.social 0 points 7 hours ago (1 children)

Thee's a official Arch Linux D*scord?

[–] starblursd@lemmy.zip 1 points 7 hours ago* (last edited 7 hours ago) (1 children)

No it's unofficial but it's I believe the biggest/primary arch Linux community discord .

In their roles chanel you can pick one to get security pings.. major ones are typically also everyone pinged but some have those disabled

[–] floquant@lemmy.dbzer0.com 1 points 4 hours ago

You'll pry #archlinux from my cold dead hands

[–] M33@piefed.world 6 points 9 hours ago

Wow that’s bad 🫢