Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Packages (phoronix.com)
314 points by qwertox 1 day ago | 203 comments
tl;dr: Arch Linux's AUR user-contributed repository was hit with a malware incident that ultimately affected over 1,579 packages — far more than the initially reported 400. Developers say they've now deleted all known malicious commits, though they note the published list still doesn't capture every affected package.
HN Discussion:
  • AUR wrappers and automated installs are too convenient and increase risk; manual review is safer
  • AUR needs policy/process changes like maintainer-change detection, adoption limits, and vuln scanning
  • Practical help: how to detect infection and check affected packages on your system
  • Community action like adopting orphaned packages can mitigate future attacks
  • This is a broader package-management ecosystem problem, not unique to AUR
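The "check affected packages on your system" point above, worked through as an added example (not code from the thread or from Arch Linux): `pacman -Qm` lists foreign packages, which is where AUR-installed packages appear, and the script cross-checks that output against the published affected-package list. It assumes the list has been saved locally as one package name per line (the page gives no URL for it), and the file name `affected-aur-packages.txt` is a placeholder.

```shell
#!/bin/sh
# Added example: cross-check installed foreign (AUR) packages against a list
# of affected package names. Not part of the original thread.
# Assumption: the affected list is a local text file, one package name per line.

# Print "name version" for each installed package that is on the affected list.
# $1: file in `pacman -Qm` format ("name version", one per line)
# $2: file with affected package names, one per line
list_affected_installed() {
    # First pass loads the affected names; second pass filters installed entries.
    awk 'NR==FNR { affected[$1] = 1; next }
         ($1 in affected) { print $1, $2 }' "$2" "$1" | sort
}

# Number of installed packages that are on the affected list (0 when clean).
count_affected_installed() {
    list_affected_installed "$1" "$2" | wc -l | tr -d ' '
}

# Live check on an Arch host; skipped (exit 0) where pacman is not present.
# Returns 1 when at least one installed package is on the list.
check_system() {
    affected_list="${1:-affected-aur-packages.txt}"   # placeholder path
    if ! command -v pacman >/dev/null 2>&1; then
        echo "pacman not found; nothing to check on this host" >&2
        return 0
    fi
    installed="$(mktemp)"
    pacman -Qm > "$installed"
    matches="$(list_affected_installed "$installed" "$affected_list")"
    rm -f "$installed"
    if [ -n "$matches" ]; then
        printf 'Installed packages on the affected list:\n%s\n' "$matches"
        return 1
    fi
    echo "No installed foreign package is on the affected list"
}

# Run the live check only when an affected-list path is given on the command line.
if [ $# -gt 0 ]; then
    check_system "$1"
fi
```

A match only tells you a listed package is installed, not that the malicious commit was the version you built; the thread's own caveat is that the published list is incomplete, so a clean result is not proof of absence.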