Hacker News new | ask | show | jobs
by Grombobulous 2 days ago
I would still note that this is not some kind of unique problem to Linux. There have been documented instances of malware making it to the Play Store, which is supposed to have a much more rigorous vetting process than AUR and costs actual money to publish on.
2 comments
shakna 2 days ago
Just to expand... When the above user is comparing to Windows, who got most of the US government breached, I do think shade against AUR is uncalled for. Its just a community host for packages, comes with warnings, and isn't enabled by default, etc.

I can still happily upgrade via pacman without fear. Haven't been able to update on Windows without concern for over a decade - the malware comes builtin.

[0] https://www.cisa.gov/sites/default/files/2024-03/CSRB%20Revi...

link
Grombobulous 1 day ago
Exactly.

I only have 4 packages installed with AUR and I think that’s the intention. You’re only going there when the other solutions aren’t available or don’t make sense.

link
inigyou 1 day ago
Linux users used to say "Linux is secure and doesn't get viruses". Now the best thing we can say about it is "Linux gets viruses just like the Play Store". Sad if you ask me.
link
Grombobulous 1 day ago
I think anyone who has made that claim was probably trying to be smug or didn’t actually understand security concepts, and was never correct to be making that claim.

Only Apple has made that claim in their marketing and that was 20 years ago when security by obscurity was shielding them, and when Windows XP was such a cesspool that anything with a normal amount of malware would look virus-free by comparison.

link