Arch supply chain attacks: Arch Linux has a popular package repository called AUR. It's a frequent target of attacks to inject malware, so KDE is going to stop including it
https://www.linux-magazine.com/Online/News/KDE-Linux-Drops-AUR
#supplychain #security #badtech #linux #arch #aur #kde #-
KDE Linux Drops AUR » Linux Magazine

KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider do...

@somebitslinks Yeah, that news about dropping direct AUR support makes sense. Using an uncurated user repo for core system stuff is basically an open invitation for supply chain malware. Things are definitely shifting toward Flatpaks and sandboxing for safety.