Video by Michael Tunnell via YouTube
Support the channel by becoming a patron at https://tuxdigital.com/membership or get some swag at https://store.tuxdigital.com/
The Arch User Repository recently had a major security incident where more than 1,500 AUR packages were reportedly compromised with malware. In this video, I break down what happened, what users should do about this, how users can check for infection, and why Arch-based distro users should be careful with community packages.
### Scripts to check your system:
– https://www.reddit.com/r/linux/comments/1u3alhe/comment/or3vhax/
– https://discuss.cachyos.org/t/aur-compromised-400-packages-affected-20260611/31040/84
### Other Links:
– https://archlinux.org/news/active-aur-malicious-packages-incident/
– https://archlinux.org/about/
– https://www.reddit.com/r/linux/comments/1u3alhe/roughly_400_aur_packages_compromised/
———————————————————————————–
### Chapters:
00:00 Intro
00:15 What is the AUR?
00:39 Official Arch Repos NOT Affected
00:51 Here’s what happened…
01:24 There’s many questions for this
01:37 How do I found out if I’m affected?
01:51 How did this happen?
02:40 What should I do as an average user when installing from AUR?
03:05 What is a PKGBUILD?
03:34 Second answer for average users and the AUR
03:56 Arch Linux devs warning about the AUR
04:21 What is an AUR Helper?
04:43 Arch-based distros arguably make the access too easy
04:59 To clarify, in my opinion
05:25 Tips on how to review PKGBUILDs
06:22 Alternatives to the AUR
06:41 the only guarantee of life
06:57 My request to the "Arch btw" memers
07:30 "Just Works" Users
08:10 Do you like in-depth videos like this?
08:22 Two other questions
———————————————————————————–
Thanks For Watching!
#Linux #OpenSource #ArchLinux