12 Jun
2026
12 Jun
'26
7:12 a.m.
As i see, recently theres very much malicioud packages, that i decided to stop updating my aur packages. We could put aur read only, so we can remove all malware and figure solutions before new one arrives.
It seems like only orphaned packages are affected. We could pause adoption or introduce a "human-in-the-loop" approach, though making the entire AUR read-only is too harsh and would affect legitimate packages and established maintainers. I am in favor of the human-in-the-loop approach, where contributors can push a commit to an orphaned package, but that commit is not reflected for anyone else—and the package is not officially adopted—until moderators approve the commit and the adoption. 1F616EMO