Peak Linux nerd shit.
People just want their updates to work and you’re out here screeching that users are holding it wrong and to read a bunch of diffs 🤣
No, it’s actual reality. There are more than a hundred thousand packages in the AUR. There are explicit warnings that these are user content and should be used with care.
And now a minuscule percentage (~1%) of orphaned packages, so those with very little interest in them, are taken over by some malicious actors to spread malware.
And people suddenly pretend like this is a catastrophe for Linux (no one cares) and for Arch and its derivatives (who don’t operate the AUR by definition and explicitly warn against using it without caution). If I told you that not 1, but 10% of the most obscure software packages you can download and install on Windows are pure malware, you wouldn’t even blink an eye. And yet all the morons now come crawling from their caves flooding everything with memes and bullshit of “haha, now we know you lied to us and Linux isn’t secure at all!”.
I think we should be proud. Linux is finally large enough to at least sort of get “hit” by a malware campaign, and it demonstrates the ease with which thousands of infected packages can be cleaned, because they are centralized to a few repositories. M$’s only bet would be to update Defender’s index and cross fingers that the signature doesn’t change.
Windows malware is always way out of control of M$, while that’s also the norm of uninfected programs.
Almost all Linux programs are by design installed from a central repo.
That’s like saying “I just want to bungee jump off this bridge” when the bridge is 10m above active traffic.
This piece of infrastructure is not designed to work this way. It’s made for Linux nerds. Not unknowing users. And I don’t see why the AUR should punish the former because the latter are ignorant. So either be able to understand and actively read the things you’re running or just don’t.
That is some gatekeeping bullshit right there.
How is that gatekeeping?
There are plenty of other distros users can choose from, if they don’t want to deal with that. But picking one that is designed for advanced “nerdy” users and then ignoring those explicit warnings is just pure negligence.
Well then stop recommending Arch or CachyOS to every new user that comes in here looking for a gaming Linux distro ffs.
Well, I don’t. I’m fully aware of the footguns Arch-based distros contain. I generally recommend Mint for Linux beginners. If the person is tech savvy and needs something for their gaming rig, then I might mention Bazzite.
No no, they’re right. This is Arch Linux, people demonstrably do not ‘just’ want their updates to work.
LOL!
All these Arch fanboys just can’t accept ANY criticism of their favourite Linux flavour. “IT’S THE BEST OKAY? EVERYBODY SAYS SO! IT’S THE BEST BECAUSE IT’S HARD TO USE AND ALL THE SOFTWARE IS BLEEDING EDGE AND MY SYSTEM BREAKS HALF THE TIME I DO AN UPDATE BUT THAT’S NORMAL LINUX SHIT OKAY? AND I USE THE AUR BECAUSE I KNOW WHAT I’M DOING EVEN THOUGH MY SYSTEM IS INFECTED OKAY?”
Next thing you’re gonna tell me you eat random shit found on the road and it’s nerd bullshit to check if it’s safe or not.