As recently discussed on the Arch Mailing list there appears to have been a large coordinated attack on the AUR some time within the last 24 hours that seems to have resulted in a rather sizable amount of packages being contaminated with malware. This is a good reminder that the AUR is open, unofficial, user-produced, content. The only secure way to use the Arch User Repository is by reviewing every PKGBUILD. While efforts are now underway to clean out any problem packages there still exists ...
This is so stupid but really hard to avoid. Before I had a gz link and I knew I’d download, check Sha or signature, export path and ready.
Tried installing antigravity and it’s this stupid thing. So I downloaded a large script, read a lot of it, didn’t find something easy to put together to figure out what binary to download. Took me quite some time to install something that should have taken 2 minutes.
Ah and I’m told it auto upgrades. Great, now I have a back door too.
Replace this tool with basically anything, because pages don’t have download links anymore. Soon there will be nothing published in curated repos like brew, nix, debían etc
This is so stupid but really hard to avoid. Before I had a gz link and I knew I’d download, check Sha or signature, export path and ready.
Tried installing antigravity and it’s this stupid thing. So I downloaded a large script, read a lot of it, didn’t find something easy to put together to figure out what binary to download. Took me quite some time to install something that should have taken 2 minutes.
Ah and I’m told it auto upgrades. Great, now I have a back door too.
Replace this tool with basically anything, because pages don’t have download links anymore. Soon there will be nothing published in curated repos like brew, nix, debían etc