[aur-general] acroread package compromised

Giancarlo Razzolini grazzolini at archlinux.org
Mon Jul 9 14:37:03 UTC 2018


On July 9, 2018 5:06, Bennett Piater wrote:
> 
> Looks to me like this is more of a warning than anything else, no?
> Why would he create those files otherwise, given how much attention that
> would attract?
> 

Hi Bennett,

This would be a warning for what exactly? That orphaned packages can be adopted
by anyone? That we have a big bold disclaimer on the front page of the AUR clearly
stating that you should use any content at your own risk?

This thread is attracting way more attention than warranted. I'm surprised that
this type of silly package takeover and malware introduction doesn't happen more often.

This is why we insist users always download the PKGBUILD from the AUR, inspect it and
build it themselves. Helpers that do everything automatically and users that don't pay
attention *will* have issues. You should use helpers even more so at your risk than
the AUR itself.

Regards,
Giancarlo Razzolini