The Arch User Repository (AUR) has been subjected to a sustained attack recently. The attacker, [...]
  • stuner@lemmy.world
    13·
    2 days ago

    It really should be shut down for Arch’s sake.

    I think it should really be split into two parts:

    1. The more widely used packages should be moved to an official repository with review procedures. Perhaps the (quality) requirements can be lower, but these must be reviewed by trusted people.
    2. The remaining packages should be moved to user namespaces, like the other user-package repos do. That will at least prevent (most) takeover attacks.
    • ZombieCyborgFromOuterSpace@piefed.caEnglish
      1·
      2 days ago

      @jpv2390@discuss.tchncs.de just below your comment, quoted the Arch wiki on the original purpose of the AUR.

      The AUR was created to organize and share new packages from the community and to help expedite popular packages’ inclusion into the extra repository.

      Source

      Thanks @jpv2390@discuss.tchncs.de