[aur-general] - [SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contained malware
_L4NyrlfL1I0
in reply to Arch Linux
Is there an archive of the PKGBUILD and distributed binary files of the packages so that post-mortem analysis of the attack can be done?
I assume all public downloads of the affected packages have been removed so that people don't install the malware by accident.
Bacteria
in reply to Arch Linux
Just thinking out loud, but can't we have a more interesting system to improve the security of AUR?
My suggestions:
1) Arch Packagers can appoint AUR maintainers who are trusted to be benign. Maybe by number of packages or votes on packages.
2) Every new AUR package should be required to be approved by an AUR maintainer, irrespective of the age of the account.
Richardus
in reply to Arch Linux
Why would you use a Firefox AUR package when, if you use KDE, you can download it from Flatpak? I am sceptical of AUR packages anyway.
Or is Flatpak just as bad as AUR?