[aur-general] acroread package compromised

Ben Oliver ben at bfoliver.com
Mon Jul 9 14:53:17 UTC 2018


On 18-07-09 11:37:03, Giancarlo Razzolini via aur-general wrote:
>This is why we insist users always download the PKGBUILD from the AUR, 
>inspect it and
>build it themselves. Helpers that do everything automatically and users that don't pay
>attention, *will* have issues. You should use helpers even more so at your risk than
>the AUR itself.

Agreed. It's important to understand what the AUR is and how it works 
before using it.

Without this, a helper is simply granting anyone permission to run 
scripts on your computer.

If you are at all surprised by this takeover, then defintely start 
reading the wiki:

https://wiki.archlinux.org/index.php/Arch_User_Repository
https://wiki.archlinux.org/index.php/PKGBUILD
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20180709/b8616789/attachment.asc>


More information about the aur-general mailing list