The Arch Linux User Repository "AUR" was hit by a large-scale malware campaign this week with more than 400 of these user-supplied packages being compromised.

https://www.phoronix.com/news/Arch-Linux-AUR-400-Compromised

https://www.youtube.com/watch?v=8KQFgWhido
Linus team人終於做到一半人dual boot
雖然Linus都未轉 因為話要做review好多windows only

食盡兩家茶禮

原來係比高登食左某D字 玩死
8KQFgWhido

The Arch Linux User Repository "AUR" was hit by a large-scale malware campaign this week with more than 400 of these user-supplied packages being compromised.

https://www.phoronix.com/news/Arch-Linux-AUR-400-Compromised

check過未有事住 不過下次AUR update都係認真audit下先....

原來係比高登食左某D字 玩死
8KQFgWhido

開左粗口filter就入唔到link 笑左

aur係邊個都可以放package上去？
同埋啲package有冇經過audit先可以上架？

所以不嬲aur都應該自己audit

The day started out with Arch Linux's AUR user-contributed repository seeing more than 400 packages compromised with malware. Now in ending out the day they believe all affected commits have been addressed. But it ended up being more than 1,500 affected packages.
https://www.phoronix.com/news/Arch-Linux-AUR-More-Than-1500

所以不嬲aur都應該自己audit

Slackware 自己唔做就根本無人幫我 update
要靠slackbuilds嗰批額外嘢仲要自己拎源碼build

所以不嬲aur都應該自己audit

Slackware 自己唔做就根本無人幫我 update
要靠slackbuilds嗰批額外嘢仲要自己拎源碼build

slackbuild 即係類似AUR?
點解仲要自己拎源碼

所以不嬲aur都應該自己audit

Slackware 自己唔做就根本無人幫我 update
要靠slackbuilds嗰批額外嘢仲要自己拎源碼build

slackbuild 即係類似AUR?
點解仲要自己拎源碼

因為slackbuilds嘅原創內容就只有一條 build script 同埋畀pkgtook睇嘅額外嘢
條script做嘅就係拎最源頭嘅source tarball compile 一個 slackware package 畀你自己裝
大型嘅軟件好似LibreOffice就有兩套script, 一套拎官方binary重新包裝，一套係拎源碼從頭compile

呢種做法正是Slackware本色: 如非必要唔會落自己patch

所以不嬲aur都應該自己audit

Slackware 自己唔做就根本無人幫我 update
要靠slackbuilds嗰批額外嘢仲要自己拎源碼build

slackbuild 即係類似AUR?
點解仲要自己拎源碼

因為slackbuilds嘅原創內容就只有一條 build script 同埋畀pkgtook睇嘅額外嘢
條script做嘅就係拎最源頭嘅source tarball compile 一個 slackware package 畀你自己裝
大型嘅軟件好似LibreOffice就有兩套script, 一套拎官方binary重新包裝，一套係拎源碼從頭compile

呢種做法正是Slackware本色: 如非必要唔會落自己patch

sbotools係咪即係slackware界嘅yay

有冇人有玩usb lINUX，有邊隻夠細SIZE

剛剛更新系統失敗
error message話librewolf而家變咗insecure package, 要我加入條allow list先俾我裝
嚇死我，即刻查咩事
然後搵到呢個PR
https://github.com/NixOS/nixpkgs/pull/531706
原來係有個librewolf contributor PR要求update最新version, 但過咗兩個月都冇人review同merge, 然後佢發老脾mark librewolf做insecure package
security team leader Martin Weinelt一句comment都冇留低直接approve 呢個PR就算
真係頂唔順 成件事都幾白痴

剛剛更新系統失敗
error message話librewolf而家變咗insecure package, 要我加入條allow list先俾我裝
嚇死我，即刻查咩事
然後搵到呢個PR
https://github.com/NixOS/nixpkgs/pull/531706
原來係有個librewolf contributor PR要求update最新version, 但過咗兩個月都冇人review同merge, 然後佢發老脾mark librewolf做insecure package
security team leader Martin Weinelt一句comment都冇留低直接approve 呢個PR就算
真係頂唔順 成件事都幾白痴

諗緊arch linux某程度上都幾痴線 好似話60% package都係一個人maintain
nixos仲要support更多package入repo 唔夠人手正常 用埋呢D niche browser就唯有自己maintain