I agree that that isn’t a lot of packages but it matters more which packages were compromised. Some random package like ten people have installed? Who cares. yay or spotify? We might have some problems.
Edit: after looking at the list some look fairly concerning. I’d definitely be doing a diff on my packages and the list of the compromised packages if i used Arch, btw.
So 0.28% of the 140’000 packages?
Seems like not that much.
How many malicious packages are on Googles Play Store?
I agree that that isn’t a lot of packages but it matters more which packages were compromised. Some random package like ten people have installed? Who cares. yay or spotify? We might have some problems.
Edit: after looking at the list some look fairly concerning. I’d definitely be doing a diff on my packages and the list of the compromised packages if i used Arch, btw.
unfortunately for some, it’s 100% of the 400 packages they use