In June of 2026, Arch Linux experienced a real hurdle: a large number of packages were taken over and turned evil. Orphaned packages (as of writing, 1,935 known packages; roughly 1.8% of the AUR) were hijacked by bad actors and loaded with malware. If you use the AUR and have done a system update in the last week, it's highly recommended that you check to see if your system has any of the infected packages, and act accordingly.

News of the incident in casual user groups has been... muddled, with some even falsely claiming that Arch Linux was hacked. So, I want to do my part to set the record straight. I'm gonna cover what the AUR is, what it isn't, and highlight something that always seems to get overlooked: If you're an inexperienced Arch Linux user, you shouldn't be using the AUR.

// WTF Is The AUR?

The AUR is the Arch User Repository, a user-run software repository for Arch Linux. Whenever you need a package that can't be found in the main Arch Linux repos, you can always check the…
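
The check recommended at the top of this post, as an added example (not code from the post or from Arch Linux): a shell function that reads pacman's log and reports any package from a known-bad list that was installed or upgraded since a cutoff date. The list file, the package names and the log lines in `demo` are constructed placeholders, and the log format assumed is pacman's current ISO-8601 `[ALPM]` line format.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): cross-check pacman's log
# against a list of known-bad package names.

# find_recent_bad BADLIST LOGFILE CUTOFF
#   BADLIST  one package name per line; '#' comments allowed. The post does
#            not list the names, so take them from the official advisory.
#   LOGFILE  pacman transaction log, normally /var/log/pacman.log
#   CUTOFF   earliest date of interest, YYYY-MM-DD
# Prints "DATE ACTION PACKAGE VERSION" per hit; exit status 0 on hits, 1 if clean.
find_recent_bad() {
    awk -v cutoff="$3" '
        # First file: load the bad names, skipping blanks and comments.
        FILENAME == ARGV[1] { if ($1 != "" && substr($1, 1, 1) != "#") bad[$1] = 1; next }
        # Second file: match ALPM lines such as
        #   [2026-06-10T09:15:02+0000] [ALPM] upgraded foo (1.0-1 -> 1.1-1)
        $2 == "[ALPM]" && $3 ~ /^(installed|upgraded|reinstalled)$/ {
            day = substr($1, 2, 10)   # ISO dates compare correctly as strings
            if (day >= cutoff && ($4 in bad)) {
                ver = $0
                sub(/^[^(]*\(/, "", ver); sub(/\)$/, "", ver)
                print day, $3, $4, ver
                hits++
            }
        }
        END { exit (hits ? 0 : 1) }
    ' "$1" "$2"
}

# Demo on constructed data: the package names and log lines are made up.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# constructed placeholder names' \
        'example-orphan-bin' 'example-helper-git' > "$d/bad.txt"
    cat > "$d/pacman.log" <<'EOF'
[2026-06-01T08:00:00+0000] [ALPM] upgraded example-orphan-bin (1.0-1 -> 1.0-2)
[2026-06-10T09:15:02+0000] [ALPM] upgraded zlib (1.3-1 -> 1.3.1-1)
[2026-06-10T09:15:04+0000] [ALPM] upgraded example-helper-git (r10-1 -> r12-1)
[2026-06-11T18:30:00+0000] [ALPM] removed example-orphan-bin (1.0-2)
EOF
    find_recent_bad "$d/bad.txt" "$d/pacman.log" 2026-06-08
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On a live system, call `find_recent_bad bad.txt /var/log/pacman.log "$(date -d '7 days ago' +%F)"`. Because it reads the log, it also reports a listed package that was installed during the window and has since been removed, which a listing of currently installed foreign packages (`pacman -Qmq`) would not show.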