Currently you can use https://github.com/lenucksi/aur-malware-check to check if you’re infected. My main server was safe; I still haven’t tested on my Wayland machine though, I went yolo with that one. No important keys at least are there.
I don’t use Arch, btw.
This must be fake news because several hundred people told me there is no malware on Linux.
They should have some sort of static code scanners on the repos at rest at this point that look for certain patterns and issue warnings.
I wish it was that simple but I doubt there is any scanner that can differentiate between legitimate and malicious code.
Maybe an AI but even then it would probably be quite unreliable.
These guys are slacking! Didn’t they read the RFC for this?
https://www.rfc-editor.org/info/rfc3514/ https://en.m.wikipedia.org/wiki/Evil_bit
Amateurs!
Does a Linux Mint-using idiot need to worry about this, hypothetically speaking?
Generally not. The AUR stands for Archlinux User Repository. It’s their repo. Unless added as a source manually, you will never see a package from it.
Thank you!
This pertains to Arch’s AUR (Arch User Repository). On Mint, nothing you do will interact with the AUR, so you’re perfectly fine.
Thank you!
I wonder if a Steam Deck could somehow get infected this way…
That would surely be a rather unlikely scenario but it’s interesting.
Highly likely, actually. SteamOS is Arch-based, and if a user installs things through the AUR on their deck (like a password manager or a VPN that isn’t part of the official upstream repo), then it would be infected exactly the same as any other Arch-derived OS.



