this post was submitted on 01 Aug 2025
86 points (93.9% liked)

Linux

8740 readers
453 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
86
Arch Linux Users at Risk Again as AUR Hit by Another RAT (news.itsfoss.com)
submitted 2 days ago by cm0002@programming.dev to c/linux@programming.dev
33 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] MangoPenguin@lemmy.blahaj.zone 6 points 1 day ago (3 children)

Can someone explain how the AUR isnt the same as running a random bash script you found on the internet?

[–] MrMcGasion@lemmy.world 16 points 1 day ago* (last edited 1 day ago) (1 children)

It's not any different from running a random bash script, which is why according to the Arch wiki, users of the AUR should "verify that the PKGBUILD and accompanying files are not malicious or untrustworthy." That's also why good AUR helpers ask if you want to look at the PKGBUILD every time you install or update anything, because best practice is to read them every time so you know what it's doing.

The AUR there for convienience, which means it tends to get used by newbies who really probably shouldn't be using it. But I also won't pretend that I follow the guidance every time myself.

[–] MangoPenguin@lemmy.blahaj.zone 1 points 1 day ago

I don't really know how a newbie is supposed to review the build and files lol

load more comments (1 replies)