Tag
The Arch User Repository (AUR) has been under sustained attack, with attackers creating new accounts to adopt orphaned packages and push malicious updates. The project has temporarily disabled new-user registration, but long-term security solutions remain unclear.
yay v13 introduces Lua hooks for extensibility and displays PKGBUILD last modification time to help users review packages more carefully, responding to the AURpocalypse incident.
Malicious packages in the Arch Linux AUR have been found inserting Russian spam into users' shell configuration files, prompting a cleanup effort by maintainers.
Arch Linux developers have contained a malware incident in the AUR user-contributed repository, deleting malicious commits affecting over 1,500 packages.
Security compromise of Arch User Repository (AUR) packages with infostealer and rootkit malware, posing a significant threat to users who installed the affected packages.
Security alert: malicious packages are being spread in the Arch User Repository (AUR), posing a risk to Arch Linux users.
Hundreds of Arch User Repository (AUR) packages were compromised by an infostealer malware. Package maintainers are working to remove malicious commits and ban the involved accounts.
Arch Linux notifies users that the varnish package has been renamed to vinyl-cache, requiring manual migration of configuration files, directories, users, and systemd units.
A critical blog post argues that omarchy, DHH's Linux distribution, is not a real distro but merely his personal dotfiles on top of Arch Linux, bundled with proprietary software and personal keybindings.
Arch Linux released a bit-for-bit reproducible Docker image under a new "repro" tag, requiring users to regenerate pacman keys before package management.