Hacker News

sva_ today at 10:47 AM

It isn't guaranteed that the list is conclusive.

Always check PKGBUILD and sources, AUR is not to be trusted for the most part. I'm actually more surprised that such compromise hasn't happened earlier.


Replies

datakan today at 12:28 PM

> I'm actually more surprised that such compromise hasn't happened earlier.

This is like the 3rd or 4th time. It's been ongoing and persistent for the last 2 years with frequent AUR downtime as a result.

The AUR should be deprecated in its current state, simply can't be trusted and is a blemish on an otherwise great distro.

matheusmoreira today at 11:27 AM

The Arch Wiki does note that malware has made it into the AUR several times before.