this post was submitted on 01 Aug 2025
81 points (93.5% liked)

Linux

8723 readers
412 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
81
Arch Linux Users at Risk Again as AUR Hit by Another RAT (news.itsfoss.com)
submitted 1 day ago by cm0002@programming.dev to c/linux@programming.dev
33 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] TeddE@lemmy.world 7 points 19 hours ago (1 children)

This is absolutely a shortcoming of Arch - but I don't see it getting fixed soon. Your change is practical, and could reduce the attack surface for bad actors, but it also introduces gatekeeping and would slow down time from code change to deployment. The open community and blazing fast end-to-end turnaround are both Arch key features (in my opinion).

If you prefer more vetted code, there's other great distros (Debian leaps to mind).

But honestly - yes, some people got hurt - but it was addressed in a day. That's not a bad turnaround ~ I've certainly seen that damage wrought by Windows- and iOS-based malware run at least that long.

This can be seen as the system working as intended. Please don't run Arch on mission critical systems. There's other distros for that. While this vulnerability is Arch-specific, this OS is often a canary for others. But if you can tolerate being on the frontier, Arch is very well documented and is great for learning - and yes it has some risk.

[–] generator@lemmy.zip 5 points 19 hours ago* (last edited 18 hours ago) (1 children)

Arch also warns uses about AUR, use at at your own risk, and can break your system.

My approach isn't definitely not the best solution, I was saying this is only the beginning, and with other arch based distros also using AUR only gets worse, if there's any moderation and some kind of package control before publishing then when thins get real bad maybe too late and arch starts loosing users.

Now is just some packages, later could be some popular package take overs or some kinda spoofing of other packages.

I use arch BTW (since 2011), and ~~Debian~~ Armbian on Raspberry Pi, one is rock solid the other sometimes break with updates

[–] TeddE@lemmy.world 3 points 17 hours ago

I think we're broadly in agreement here, and I think both our statements are important to the Linux discussion. Moreover, we're not speaking privately - I wish I could direct recent converts from Windows to this thread as a whole, as you offer good advice - be wary of your sources & learning how to inspect gifts you're offered is excellent advice.