Re: Arch Linux "acroread" poisoned

 

I read about that - and had to double check my system if I had it installed or not. I use the AUR a lot, but it is definitely not official at all. You have to manually install the AUR helper tools (which are discouraged) because they aren't packaged at all. Most AUR tools suggest and help the user to open the package up for viewing before going ahead with the install.

Cheers,
~Lewis

On Wed, 11 Jul 2018 at 06:31 Gordon Haverland <ghaverla@...> wrote:
TheRegister is running a story about someone who took over the Arch
Linux acroread package, and installed malware into it.

https://www.theregister.co.uk/2018/07/11/someone_modified_arch_linuxs_acrobat_reader_adds_security_warning/

The problems revolve around the "extra" Arch User Repositories (AUR).

--

Gord




Join elug@groups.io to automatically receive all group messages.