CachyOS, which is one of the fastest growing distros and gets haphazardly recommended to tons of gaming refugees, ships with paru by default. Millions of forums, search results and LLM outputs encourage those same users to install stuff from AUR.
Any Arch distro that has a sizeable non-technical user base should know better than to ship or encourage using AUR. Shit like this is how we kill the “Year of the Linux desktop”.
This is exactly how we make the year of Linux happen. For an alternative OS to enter mainstream it needs to be at the level of Windows, so it should have lots of malware around.
The problem is the delivery mechanism. Malware is quite rare in Linux because we trust the maintainers. Unlike in Windows where you’re normalized to download executables off of the internet.
Edit: What I meant is: notice that almost all of the attacks on Linux are supply chain based and not direct malware downloads. Be it via typosquat, package manager repository hijacking, or even a long game like xz.