Egregoros · Phoenix Framework

Timeline

Post

Remote status

Context

kaia

@kaia@pleroma.soykaf.com remote

so after AUR packages getting compromised, which OS should I use for base OS? is FreeBSD safest?

Replying to @kaia@pleroma.soykaf.com

xenia

@gettie@fedi.catto.garden remote

@kaia if you have read the arch wiki, they suggest not to use the AUR unless you really have to, for that exact reason. packages can be compromised there. also npm is ass, that's where a lot of compromised packages come from.

so even if you use arch and use only the arch repos and avoid the AUR, you'll be fine.

Replies

Replying to @gettie@fedi.catto.garden

Phantasm

@phnt@fluffytail.org remote

@gettie @kaia You are supposed to read update diffs for specifically this reason.

Replying to @phnt@fluffytail.org

Nicro

@Nicro@fedi.absturztau.be remote

@phnt @gettie @kaia This. Also, "current -> orphaned -> new maintainer" should ring bright red alerts for any existing packages on your system. Depending on the helper you use.