Arch Linux's AUR Compromised with Malware (over 1,500 packages!)
Support the channel by becoming a patron at https://tuxdigital.com/membership or get some swag at https://store.tuxdigital.com/The Arch User Repository recently had a major security incident where more than 1,500 AUR packages were reportedly compromised with malware. In this video, I break down what happened, what users should do about this, how users can check for infection, and why Arch-based distro users should be careful with community packages.
### SHOW NOTES ►► https://tuxdigital.com/videos/
### Links:
- https://archlinux.org/news/active-aur-malicious-packages-incident/
- https://archlinux.org/about/
- https://www.reddit.com/r/linux/comments/1u3alhe/comment/or3vhax/
- https://discuss.cachyos.org/t/aur-compromised-400-packages-affected-20260611/31040/84
- https://www.reddit.com/r/linux/comments/1u3alhe/roughly_400_aur_packages_compromised/
-----------------------------------------------------------------------------------
### Chapters:
00:00 Intro
00:15 What is the AUR?
00:39 Official Arch Repos NOT Affected
00:51 Here's what happened...
01:24 There's many questions for this
01:37 How do I found out if I'm affected?
01:51 How did this happen?
02:40 What should I do as an average user when installing from AUR?
03:05 What is a PKGBUILD?
03:34 Second answer for average users and the AUR
03:56 Arch Linux devs warning about the AUR
04:21 What is an AUR Helper?
04:43 Arch-based distros arguably make the access too easy
04:59 To clarify, in my opinion
05:25 Tips on how to review PKGBUILDs
06:22 Alternatives to the AUR
06:41 the only guarantee of life
06:57 My request to the "Arch btw" memers
07:30 "Just Works" Users
08:10 Do you like in-depth videos like this?
08:22 Two other questions
-----------------------------------------------------------------------------------
Thanks For Watching!
#Linux #OpenSource #ArchLinux Receive SMS online on sms24.me
TubeReader video aggregator is a website that collects and organizes online videos from the YouTube source. Video aggregation is done for different purposes, and TubeReader take different approaches to achieve their purpose.
Our try to collect videos of high quality or interest for visitors to view; the collection may be made by editors or may be based on community votes.
Another method is to base the collection on those videos most viewed, either at the aggregator site or at various popular video hosting sites.
TubeReader site exists to allow users to collect their own sets of videos, for personal use as well as for browsing and viewing by others; TubeReader can develop online communities around video sharing.
Our site allow users to create a personalized video playlist, for personal use as well as for browsing and viewing by others.
@YouTubeReaderBot allows you to subscribe to Youtube channels.
By using @YouTubeReaderBot Bot you agree with YouTube Terms of Service.
Use the @YouTubeReaderBot telegram bot to be the first to be notified when new videos are released on your favorite channels.
Look for new videos or channels and share them with your friends.
You can start using our bot from this video, subscribe now to Arch Linux's AUR Compromised with Malware (over 1,500 packages!)
What is YouTube?
YouTube is a free video sharing website that makes it easy to watch online videos. You can even create and upload your own videos to share with others. Originally created in 2005, YouTube is now one of the most popular sites on the Web, with visitors watching around 6 billion hours of video every month.
