[aur-general] - [SECURITY] firefox-patch-bin, librewolf-fix-bin and zen-browser-patched-bin AUR packages contained malware

https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/7EZTJXLIAQLARQNTMEW2HBWZYE626IFJ/

#security #linux #ArchLinux


@archlinux nice, isn't it cool how every arch user I've ever met thinks it's totally fine to run arbitrary binaries from strangers, with absolutely no concept of what project packaging is and what official maintainers do

@froge @archlinux

> DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.

Reckless people will do reckless things, users are advised to audit PKGBUILDs and all changes to them.

@gromit @archlinux yeah, but everyone totally ignores or plays down the warnings, there is a culture of blindly trusting the AUR among arch users usually

I'm a long-time contributor to a large Linux community online, and often one of the first things users do on a clean install is set up an AUR helper and blindly pull packages they want

@froge @archlinux Well yes, but from our side users are advised not to use an AUR helper until they know what they're doing ..

But if people continue to ignore advice and good practices and also keep installing stuff with "curl <url> | sh" you maybe just can't help them :D

@gromit @froge @archlinux Love how literally half the time I see an official arch post/talk it contains "Don't trust the AUR and don't/only very carefully use helpers", I'm always agreeing and reinforcing that, yet I run a script to automatically compile over 100 AUR packages inside a docker container where the build user has root access without a password lol