You won't see new developers sharing their apps with Arch Linux users in the near future.AUR (Arch User Repository), the Linux distribution's largest repo for community software, is blocking new registrations while maintainers deal with a malware crisis.Lenovo ThinkPad X1 Carbon with Linux The Lenovo ThinkPad X1 Carbon with Linux takes everything that is great about the iconic ThinkPad line, adds powerful hardware, and lets you choose between Fedora or Ubuntu pre-installed.
See at Lenovo Expand Collapse AUR's overseers have found and pulled over 1,500 malware-infested app packages, explains.While the maintenance team hasn't openly confirmed that it's blocking sign-ups, attempts to visit the registration page produce errors despite everything else working as usual.This appears to be an attempt to catch up on cleaning the repo before allowing new developers.
It's not known when AUR might re-open access, or whether its team is planning any policy changes to prevent repeat incidents.For now, you'll need to look to alternate repos or direct downloads if the software you want isn't available through this normal channel.Why is Arch Linux dealing with a malware problem? Attackers and a lack of screening may be to blame It's not clear who is behind the malware in AUR software packages, including whether there's a coordinated effort behind them.
There has been more than one wave, however, with the second including malicious code that's harder to detect.The intruders are adapting, in other words.However, Arch Linux users have argued that a security incident like this was just a matter of time.
AUR isn't an official repo, and doesn't have in-depth screening methods like trusted user auditing or controlled binary package creation.Until now, it was relatively easy for a malware creator to register and spread hostile apps.Related Here's How I Avoid AUR Malware on Arch Linux Learn the basics of keeping your Arch Linux system safe and secure from an Arch daily driver.
Posts By Dibakar Ghosh As Reddit users suggest, a stricter vetting system (possibly as an official repo) might slow down the app submission process but could significantly improve trust.You might be more likely to use Arch Linux if you know that its go-to software portal is reasonably safe.Some rivals have more thorough screening processes.
Ubuntu's Snap Store vets new developers, conducts automated checks, and requires manual reviews for software that wants expanded permissions.While that might not appeal to free and open source (FOSS) enthusiasts who want more freedom, it also prevents malware surges like the one Arch has experienced.
Read More
