Select Page

Yet another incident which showcases that you should not explicitly trust user-controlled software repositories.

One of the most popular Linux distros Arch Linux has pulled as many as three user-maintained software repository AUR packages after it was found hosting malicious code.

Arch Linux is an independently developed, general-purpose GNU/Linux distribution composed predominantly of free and open-source software, and supports community involvement.

Besides official repositories like Arch Build System (ABS), Arch Linux users can also download software packages from several other repositories, including AUR (Arch User Repository), a community-driven repository created and managed by Arch Linux users.

images from Hacker News