I am thankful I have been away from my arch machine this past week and so never got the chance to install infected updates from the AUR, because I for sure have gotten complacent with checking entire PACKAGEBUILDs. The checker scripts the community has put together found a single potential infected package on my machine - alvr-git - but I had last installed/updated that one on may 21 (so in theory it’s clean).
When the script is three pages long on a 4k screen, and I have ten other packages to review, I have found it’s really hard to stay committed to checking it all with my own eyes. The threat of needing to nuke my entire machine and rotates all my creds will certainly help with that, sadly.
I am thankful I have been away from my arch machine this past week and so never got the chance to install infected updates from the AUR, because I for sure have gotten complacent with checking entire PACKAGEBUILDs. The checker scripts the community has put together found a single potential infected package on my machine -
alvr-git- but I had last installed/updated that one on may 21 (so in theory it’s clean).When the script is three pages long on a 4k screen, and I have ten other packages to review, I have found it’s really hard to stay committed to checking it all with my own eyes. The threat of needing to nuke my entire machine and rotates all my creds will certainly help with that, sadly.